FTDI Drivers Break Fake Chips, Again

Just over a year ago, FTDI, manufacturers of the most popular USB to serial conversion chip on the market, released an update to their drivers that bricked FTDI clones. Copies of FTDI chips abound in the world of cheap consumer electronics, and if you’ve bought an Arduino for $3 from a random online seller from China, you probably have one of these fake chips somewhere in your personal stash of electronics.

After a year, we have the latest update to FTDI gate. Instead of bricking fake chips, the latest FTDI drivers will inject garbage data into a circuit. Connecting a fake FTDI serial chip to a computer running the latest Windows driver will output “NON GENUINE DEVICE FOUND!”, an undocumented functionality that may break some products.

FTDI gate mk. 1 merely bricked fake and clone chips, rendering them inoperable. Because fakes and clones of these chips are extremely common in the supply chain, and because it’s very difficult to both tell them apart and ensure you’re getting genuine chips, this driver update had the possibility to break any device using one of these chips. Cooler heads eventually prevailed, FTDI backed down from their ‘intentional bricking’ stance, and Microsoft removed the driver responsible with a Windows update. Still, the potential for medical and industrial devices to fail because of a random driver update was very real.

The newest functionality to the FTDI driver released through a Windows update merely injects unwanted but predictable data into the serial stream. Having a device spit out “NON GENUINE DEVICE FOUND!” won’t necessarily break a device, but it is an undocumented feature that could cause some devices to behave oddly. Because no one really knows if they have genuine FTDI chips or not – this undocumented feature could cause problems in everything from industrial equipment to medical devices, and of course in Arduinos whose only purpose is to blink a LED.

Right now, the only option to avoid this undocumented feature is to either use Linux or turn off Windows Update. Since the latter isn’t really a great idea, be prepared constantly roll back the FTDI driver to a known good version.

319 thoughts on “FTDI Drivers Break Fake Chips, Again

  1. Windows users can disable the automatic updating of drivers while still retaining all other Windows Updates. Even under Windows 10, which has an otherwise totalitarian approach to updates, there’s still an option if you know where to look.

    For Windows 7, see https://support.microsoft.com/en-us/kb/2500967

    For Windows 10, see http://winsupersite.com/windows-10/stop-automatic-driver-updates-windows-10

    (No version of Windows was released between 7 and 10 and I won’t hear otherwise!)

    1. “(No version of Windows was released between 7 and 10 and I won’t hear otherwise!)”

      I agree, but there was that huge counterfeit Windows that trashed a lot of PC’s and laptops during that time.
      IIRC, it was called “8-gate” in the trade magazines.

    1. Isn’t that the whole reason for the success of FTDI, so you didn’t have to?

      This whole thing comes down to once again the victim, FTDI being blamed by end user who was ripped off by some grey market profiteer. Come on, people tried to save a couple of $ by purchasing cloned crap from eBay and got stung.

      It’s the same thing with teachers in the US being blamed for austerity while it was the banks that made off with the cash.

        1. And that is FTDI’s fault how???

          If you buy from a reliable source then A) there is a MUCH lower chance of a fake and B) if there IS a fake then you have reasonable recourse.

          Bottom line… don’t buy cheap crap from China then complain when it fails, for whatever reason. If buying cheap crap from China then take it on the chin and put it down to experience, then move on.

          1. @[Steve C]

            As a result of FTDI’s ignorant and arrogant response to this situation … not buying FTDI chips is the *only* way to ensure you don’t end up with fakes.

          2. @Rob
            No…. It is the only way to ensure you don’t end up with fake FTDI chips!!!

            Doesn’t mean you won’t get OTHER fake chips. If you are good with that, then more the power to you. I’m not though.

  2. LOL they don’t learn.

    That said, I see where they are coming from. Host else do you dissuade someone from using counterfeit chips? The issue is that MOST people don’t know that what they’re are getting is fake (or what an ftdi is).

    1. This isn’t a bad point. The ripoffs are cheating them, so who says they can’t fight dirty? Honestly, it’s the hacker’s solution to IP protection. In another universe where the chips were easier to identify and people weren’t so cheap, we might be praising them.

      1. They can fight however they like, but the inevitable result of a war is a refugee stream seeking out solace from the fighting.

        In this case, the best way to insure you avoid the battleground is to stay away from FTDI entirely.

          1. there is no sense in fighting the end-customer and punishing him/her for someone’s else fault .. … .. … they are just big enough to bully people around but not enough to stand up who’s cheating them ?

          2. That is correct. Since I have no way to determine that an FTDI chip is authentic, and I know that I will have trouble if it’s fake, then I won’t buy anything with an FTDI chip in it, and I certainly won’t design anything with an FTDI chip in it. I think that’s the stance many people are taking.

            FTDI handled this badly from the very start. Sure, they were a victim of the unscrupulous Chinese industry, but what made this particularly attractive to them was the high price and high margin on these parts.

          3. Same here it’s probably best to avoid FTDI’s products all together because if they are including code like this their drivers simply cannot be trusted for anything remotely mission critical or even something you don’t want glitching like a 3D printer.

          4. That assumes that the person who bought the part is the end user. Which applies to many of us, like myself. I have an Arduino Nano clone that quite likely has a fake FTDI chip on it. But I’ve never used it in Windows, and probably will never have any reason to. I use it only as a programmer for Atmel AVR chips, which I only do in Linux. So no big deal. In fact, other than the labeling of the chip, if it’s a fake, the counterfeiter isn’t doing anything wrong in my case, because I don’t use FTDI’s driver, and the counterfeiter doesn’t use FTDI’s hardware design. Up until “FTDIgate”, I didn’t care much about FTDI. They made what I consider a generic product, as do several other manufacturers. So for me, seeing the FTDI name on the chip wasn’t even a selling point. All I care is that this generic part does its simple job. But now as a result of FTDI’s idiotic actions, seeing an FTDI chip on a board is a BIG RED FLAG.

            But that’s not really the point. The point that half the people here are making, and the other half don’t seem to get, is that FTDI is not being diligent about stopping counterfeiting by going after Amazon and eBay, and instead is risking the reputations of anybody who uses what they believe are FTDI’s chips in products that they sell to others. If I sell a thousand widgets that I had built at an assembly house in China or in the US that does parts procurement, these would have passed all sensible performance tests, but are now crap because some of my customers plug my product into Windows machines and do regular updates. My customers have no idea about this drama that FTDI has created; they only know that my widget doesn’t work, and I’m likely to go out of business as a result, because I’m too small a business at this point to survive a 90% return rate (assuming that 10% of my customers use MacOSX or Linux). In turn, I now don’t trust my assembly house because of this, even though it’s very likely not their fault, either, and they suffer as well. All of this because FTDI is making themselves a target by overpricing their products, and then lashing out at their customers’ end users rather than going after the guilty parties.

          5. And for those of you saying, yes we DO have an authenticity test – the Windows driver. Bullshit. NOW we have an authenticity test for the current batch of counterfeits, but we didn’t have that a year ago, and when somebody comes up with a counterfeit that doesn’t get caught by FTDI’s current driver, we once again won’t have an authenticity test until the next time FTDI goes apeshit on us. Not acceptable.

          6. @BrightBlueJim Not using FTDI’s design? They are using FTDI’s design. Maybe not exactly, but it was reverse engineered, and them probably modified to cut corners. They driver is using their protocols and such, both valuable IP. Adding the FTDI logo just makes it worse. Now you have this inferior product using their design, probably tarnishing their brand. FTDI _should_ defend their IP, but with China you can’t really do anything but play dirty.

            Do I think they are handling it the right way? No. Do I think they are justified in defending their IP, even by bricking counterfeits? Absolutely, I just don’t think it will work out in their favour. Unfortunately I don’t know a better solution.

      2. Hah. The FT232 hasn’t changed one bit since it was released, same fab technology, same exuberant price. Part of the problem is their fear of deprecating and not developing a drop in replacement.

        1. Please do tell, how does deprecating their old technology solve their problem??

          I presume you mean deprecate the old one, and make new drivers that are only compatible with the new “drop in” replacement? If this is the case, then every product that was built and sold using the old FT232s would be bricked, even those bought legitimately. This would piss off all of FTDIs customers that ordered millions of units expecting them to last as long as the lifetime of their product. FTDI would inevitably lose the trust (and likely the business) of their many enterprise customers. Talk about cutting off your nose to spite your face.

          1. The only way FTDI is going to get out from under the mess they are in is to drop the cost of their chips. They can’t go after the counterfeiters. They can’t go after the consumers who buy products containing counterfeit chips. They can only go after people supplying counterfeit chips or compete with the counterfeiters.

          2. A way out of the mess is to design a new chip that’s cheaper than the FT232, but has more features as well. It cannot be a drop-in, or people will just buy the old FT232. So people need an incentive to drop the old chip for the newer chip: lower price and more (or slightly different) features.

            Or in other words: deprecate the old technology by creating something cheaper and more feature-rich. It could be a drop-in replacement, but it’s probably better if not.

          3. No depreciation needed. Just drop the price on a standard part that is well into it’s life and can be produced on less-bleeding edge assembly lines.

            It’s like prescription drug patents- the manufacturer is granted a patent, that patent expires and other companies are allowed to make the generics. In this case- generic and counterfeit are synonymous.

            Chinese are able to make a comparable part at a far lower price so I’m sure FTDI can manage. It’s like saying that the only true mobile phone runs iOS and everything else is a knock-off and those users deserve a kernel update that decreases the output of the radios- dropped calls and spotty coverage are just desserts for people that wont pony up and pay the iPremium.

            FTDI tried this shit once and were given forgiveness laced with good-natured teasing. Hopefully forgiveness comes a little slower this time… I don’t want a random person to die, but I’d still like to see them get sued for crashing some poor souls ventilator.

            If FTDI is serious then they need to get the counterfeits off Amazon and eBay before turning intended users into unwitting victims.

          4. @RandomComment The FT232 can drive IO at 5V, 3.3V, 2.8V, 1.8V, while the FT231X can only do 3.3V, although it’s 5V tolerant. How big a deal this is in 2016 depends on who gets asked and what they plan on attaching to it.

      3. I dont mind if they fight dirty against the manufacturers of the fake chips directly, but the approaches they have taken so far wait until the chips are in the hands of end users. It’s unnecessary collateral damage and is ruining their reputation.

          1. Develop a new chip without leaked designs, drop support for old chips, drop the price of the new chips. bribe arduino to use the new chips in new hardware, thus kickstarting demand.

          2. You are absolutely ignorant of what the clones are.

            The clones are mask ROM microcontrollers emulating the FTDI protocol. They are not copies of the silicon designs.

            I’m not saying FTDI’s prices are insane, but there’s a reason why everyone is using them. They’re pretty much a standard, and their MSSP mode is *the* standard for pretty much every JTAG wiggler out there.

            As far as developing a new chip… maybe they are, but it doesn’t address the fact that their most popular devices are being emulated and the performance and quality of these clones directly reflects on FTDI. Designing a new device doesn’t fix the issue. Besides, the cost of developing a new ASIC is astronomical compared to trying to stop the clones through software means.

          3. So people are using chips running emulators of the real thing, that run just as fast as the real thing, and they’re still cheaper than the real thing by a large margin?
            Wow.

          4. Not by attacking the end users…. companies like SparkFun, who are known for their dedication to making sure they use authentic components, even managed to have counterfeits wind up in their products. If a manufacturer is having a hard time even telling the difference, then how is a user going to tell the difference. The point is, when the average joe goes and buys a cheapo arduino, he isn’t consciously trying to “pirate” a chip.

          5. Build a “low” cost “genuine ftdi” testing rig and give it away to large manufacturing houses (and make it affordable for smaller shops). Give them an easy way to test the chips in mass before assembly. And if their tester happens to brick non genuine chips and the manufacturers start sending large batches of “bad” chips back to the distributors then the incentive will be there for the distributors to make sure they are procuring genuine parts.

            The truth of the matter is that they can’t depreciate their old chips if they wanted to. They are used in industrial control, medical, security, and aerospace designs that can’t be changes without huge efforts to redesign and re-certify every component. The reason they will never lower their chip price is that the previously mentioned industries are willing to pay a premium for a reliable, time tested, pre-certified design, and gadget makers and hobbyist are just riding the coat tails of those decisions.

          6. @Tray: If FTDI’s reason for keeping their prices high is for their high-ticket customers, then they shouldn’t object to being low-balled by counterfeiters. They’re seeing people buying more chips from the counterfeiters than they themselves make, and thinking that this is all lost revenue, but the fact is that the people buying the cheap copies simply would not BUY FTDI chips at their prices.

      4. Sorry I cannot call this an ethical by any means as it’s incredibly irresponsible on their part to be injecting garbage data.
        If the driver starts sipping out garbage data in something like process control it could cost millions and they will get sued.
        The idiot who came up with this solution may even rightfully end up in prison if this feature causes someone to get killed.

          1. @aaa

            Doubtful. FTDI would unlikely have footing when said user was unaware of the counterfeit chips. The problem is, FTDI has lost control of their supply chain. They no longer can guarentee that a manufacturer can get the authentic chips when buying through a dealer.

          2. What about some sort of “recommended” dealer? Visit some chip places and they have a list of recommended sources. Can’t FTDI do that?

            I imagine that a list of reputable dealers would be hard to fake on their own site.

  3. What I find the most annoying thing in this whole story is that FTDI doesn’t release a tool that can detect non genuine chips.
    Apparently they can detect it and brick them/make them inoperable but a simple tool to check if that reel of chips you just bought is fake is too much trouble.

          1. I think what nsayer was getting at is they could just run a debugger on the driver to watch what the driver does to detect legit/not chips and then tweak their chip to pass the test.

    1. The problem is no such tool exists… If they try to change something in the chip firmware or device drivers, then the USB line can be sniffed to crack the security feature, and the counterfeit chips will adjust to be complient with the new security. If they try to change something in silicon, the counterfeiters will just copy the new silicon and new counterfeit chips will be on the market in no time at all.

      I hate to play devils advocate, but I entirely sympathize with FTDIs dilema. They are being stolen from by counterfeiters, and this is the only way they (or anyone else) knows of to fight back

      1. “I hate to play devils advocate, but I entirely sympathize with FTDIs dilema. They are being stolen from by counterfeiters, and this is the only way they (or anyone else) knows of to fight back”

        …by punishing the end user because an applications engineer unknowingly purchased a clone?

        1. Say you bought a stolen car, but you bought it from a dealership and thought the car was legal. The guy who the car was stolen from called the police and reported it stolen, and some time later the police come and take your car. Do you blame the guy who called the police, or do you blame the dealership that sold you a stolen car?

          The responsibility lies with the manufacturer that sold you a product with counterfeit chips (even if they thought the chips were authentic). Complain to whoever sold you your product that no longer works. If they bought the chip through a legitimate supply chain, then they can sue that supplier for selling them counterfeit chips.

          1. Let’s try to keep the analogy relevant here.

            You’ve got a clone Ford, only you don’t know it’s a clone. It operates exactly the same as a real Ford and uses the same firmware that official Ford cars do.

            One day you try to start your car and you realize that the radio only plays “THIS IS A COUNTERFEIT FORD” over and over.

            If the counterfeiter used his own updates you would never have known, but because he cut corners and made the car so it uses Ford’s updates, you’re screwed.

            Is this Ford’s fault? Should Ford just keep letting you drive the car even though it has no way to know if it’s mechanically sound? If you get into an accident and it can be proven that Ford allowed the updates to function on clone cars, would they have any potential liability?

          2. It’s like your mechanic installed a new ECU in your Ford, not knowing it was not an OEM part. Then one of Ford’s updates made it start flashing “NON GENUINE ECU FOUND!” in Morse code out of a pin connected somewhere inside the engine, maybe the cruise control or something, who knows and Ford doesn’t care.

          3. No, it’s not out “some random pin” — it is out of the normal “UART RX” pin (i.e. the pin that would normally connect to the MCU UART receiver).

            And again — is it Ford’s fault that your mechanic did not install a Ford ECU? Is it Ford’s fault that there is a Ford ECU clone out there that expects to accept Ford’s updates? This is a great example because it highlights the issue. If you were to get into an accident because the clone Ford ECU had a stuck accelerator bug… should Ford be held liable? What about the mechanic who unknowingly installed a clone, thinking it was genuine? I think Ford is under some moral/ethical obligation to ensure that its code is not trivially used on non-Ford products; Ford needs to do its due diligence to ensure that the software is running on certified hardware.

            Now you can argue that you should be able to build/buy ECU that can run Ford’s updates, but in that case you’re taking matters into your own hands, and if one day Ford’s updates stopped working in your clone ECU, would you go around saying “Damn Ford, I’ll never buy another!” ?

          4. I’m equating “some random pin” on the ECU with the fact that the primary function of the FTDI chip is to provide a UART interface, therefore the string that it’s outputting on its UART pins will doubtlessly be connected to something important to the operation of the device.

          5. Um… I blame the dealership that bought a stolen car from someone and resold it to me without doing their due diligence?

            Every reputable dealer hands you a CarFax report at the very minimum. Your example has no basis in reality.

            I bought my fake chip off Amazon. Exact fake chip is still for sale on Amazon. It is outside my return window so I’m SoL with chip thats been bricked by the manufacturer while making no attempt at solving the problem at one of the major distribution channels for the source of the problem.

          6. For us, it’s telling us on a standard UART pin, that it’s non-genuine. But for the guy on life support, where the chip is inside the black box, it’s just turned off life support. Most chips end up in devices which normal people, not us, use. They don’t know what’s happening.
            If FTDI had wanted to be arseholes they could have popped up a message box to tell you it was non-genuine, and left the functionality alone. But this is stupid and dangerous.

        2. How about just buying your products directly from FTDI? That’s what I did when I couldn’t get the ‘dumpster grade’ components to work.

          Here’s a devil’s advocate thought… The time I spent messing around with the crap components cost me more than 20 times what I paid for the genuine part. Is that $3 USB to serial cord really worth the savings?d

          1. They’re often out of stock from FTDI and their distributors, especially in bulk. FTDI need to figure out how to make the chips cheaper, and in a higher quantity. Perhaps they should do like the clones and roll a cheap mask-ROMed MCU replacement.

      2. I understand the position they’re in, but this is the WORST way they could go about fixing it. The clone chips exist for a reason, FTDI needs to start competing price and production-wise or go after the counterfeiters directly. FTDI chips aren’t exactly cheap, and dicking with the drivers is just going to piss off end users who might not even have the ability to swap the chip out themselves if they wanted to get an authentic IC (assuming they even *know* they didn’t have an authentic IC).

        All they’re doing is publicly showing they cannot be trusted in the most spectacular way possible. I imagine there are quite a few (possibly very expensive) devices in the wild that will just stop working after potentially years of use, and it’s not going to be FTDI that has to do damage control when the influx of angry support tickets come in. Why would an OEM want anything to do with these chips if they’re going to wind up costing them money and bad PR?

        I cannot fathom what FTDI is thinking here, they do indeed have a valid beef, but going all vigilante justice with a driver update is indescribably irresponsible for such a mature and prolific chip!

        1. Your argument is ignorant. FTDI isnt in the wrong (morally or legally)… the manufacturers who sold you a product with a counterfeit chips are the ignorant ones. If not them, then the supply chain who sourced the counterfeit chips to that manufacturer is to blame.

          Somewhere along the way, someone bought chips without verifying they were coming from a legitimate source. That is the person you should be mad at. Maybe its the manufacturer. Maybe its digikey who sold parts to the manufacturer.

          1. No, this is LITERALLY THE WORST WAY TO HANDLE IT.

            FTDI has no right to brick chips at all, never mind bricking chips that they didn’t make, but I’ll get tot that in a moment. Not only that but they decided that this time, instead of simply not working, they’d make it dangerous.

            First off, FTDI has no right to brick chips after they’ve been sold to the end user. It doesn’t matter who sold them. They’re the end user’s property, and every FTDI programmer responsible should be going to jail right now for malicious computer tampering. Not at any time have these chips been FTDI’s property, and if I personally own them or a device containing them, then FTDI has no right to interfere with their (safe) operation.

            These chips are also not just *FTDI clones.* They’re legitimate functioning chips manufactured by other competing companies, and sold to consumers. Whether they mayor may not be *inferior products* when compared to FTDI’s chips is beside the point. Their branding is wrong, which is misleading, but they’re still a legitimate, working product sold to other manufacturers and used in products.

            Finally, as I alluded to earlier, there is the question of safety. What happens if I have some control unit connected to a device over serial, using an FTDI chip, which makes decisions based on parsed data from the link? It might be soldered together, it might use a proprietary cable, or I might just be a little bit lazy or unimaginative. I didn’t include any kind of checking for say, a non-numerical character or anything else, because how would that get there? Then FTDI’s driver rolls out, the controller (running windows) gets updated, and the next time my device starts up some garbage text comes down the line and is *interpreted* by the parser. The controller’s application might crash outright, or the application might accept this new data as being legitimate.

            Now suppose that this controller is an industrial one reading the temperature of a blast furnace. Or a heart and lung machine sitting next to a hospital bed, measuring the blood oxygen level from a microcontroller’s sensors, keeping a little girl alive.

          2. yes, yes, what if, what if, what if, what if.

            1) If you’re using FTDI’s VID:PID combo and emulating their shit without a license from them and can’t emulate it enough to fool FTDI’s driver, that’s on the clone vendor. Can you indicate to me ONE LEGITIMATE CHIP FROM ANOTHER VENDOR which has been affected? No? Oh, so I guess your point is invalid.

            2) If you’re using a serial protocol with absolutely no error detection then your design is flawed. FULL STOP.

            3) I’ve addressed the safety issue many times in this thread. It isn’t an issue on medical devices, and if you’re controlling something that has the potential to harm someone with your hacked together Arduino contraption then I guess it’s on you, because of my previous point.

            Is it shitty to break devices that are using clones? Yes, but other than let the clones use their drivers without permission or consequence… what would you do? Display a nagware message? that’s a potential fix but just as broken to the end user. Spewing out alternative serial data is a good way to get someone’s attention, and a hell of a lot better than bricking the device, which I spoke out against when it happened.

            So really… what is your solution?

          3. “FTDI has no right to brick chips at all, never mind bricking chips that they didn’t make, but I’ll get tot that in a moment. Not only that but they decided that this time, instead of simply not working, they’d make it dangerous.”

            Simple. Don’t use the FTDI driver for non-FTDI chips. Problem solved. Should I be mad at Canon when their driver screws up my HP printer?

          4. @Billp The simple thing is, these drivers are automatically distributed through windows. The FTDI drivers are automatically installed when the device is first used, and remain up to date through windows update. What FTDI has done, is pervert this system than on overwhelming number of people trust and rely upon, to enact petty revenge.

          1. I’ve got two of them, one genuine and one counterfeit.

            It looks like the newest driver, shipped with win10, have dropped support for even genuine chips from HX series.
            Meanwhile on win7 I could use it. (counterfeit didn’t worked at all, without installing “older” driver)

          2. I’ve heard this before. Apparently Prolific not only made a driver that didn’t work with counterfeit chips they made a driver that refuses to work with any “obsolete” chips even if they are genuine. Don’t know the details for sure, but you’re now the second person who confirms Windows 10 drivers don’t work with older Prolific chips.

      3. I disagree that they are being stolen from by counterfeiters: It’s actually that their protocol has become a genericized standard, akin to some trademarks such as Aspirin in the US.

        And they’re fighting tooth and nail to prevent it becoming an actual standard because they want to maintain a monopoly as the only legal supplier.

        As long as the FTDI protocol isn’t a standard (and I’d argue it already is globally) they can go after anyone else implementing equivalent chips in theory, but there are too many of those in countries with weak/non-existent IP laws to actually pursue that route.

        1. If the protocol is indeed becoming a commodity protocol then MS or someone else can write a generic driver and this problem will disappear overnight, at least from a user perspective. Linux doesn’t have this issue for this specific reason. Even on Linux though the FTDI proprietary VCP/D2XX drivers are still available and used for higher performance.

      4. They who made it could have left out the garbage data feature and have the driver still work but display a message the chip is a counterfeit and to purchase the genuine article and maybe even go as far as not working.
        I would have been ok with this.
        But injecting garbage data into the circuit is potentially dangerous and the fact they think this is ok completely destroys any sympathy I may have had for them.
        I would not shed a single tear of they ended up going bankrupt.

      5. This is a company that knowingly make other devices fail to work by doing active sabotage. This is malware and probably illegal in most civilized countries.

        What they could have done was simply not work with fake hardware – no bricking, no injecting crap but just not treating it like a supported device.

    1. Actually, no. The problem is, early on the Arduino folks made a mind-boggingly dumb choice by using a part (the ATmega328) with an xtal (16MHz) that results in borderline-inadequate timing for the most popular serial baud rate, 115200: the resulting timing error is almost out of spec for correctability. Unfortunately, while the FTDI chips seem to handle this fairly well (which is why you don’t see many more complaints about the issue probably), some alternatives are definitely doing a worse job of it, the CH340G being especially pointed out as problematic.Now, make no mistake – it still works 99.9% of the time, but on large transfers things start to break – guess what happens when you stream a really large G-code file to your Arduino-based CNC controller and a few digits change or disappear…

      1. Interesting to hear. Do you have any further read about that? I recently ran some checksummed long-term transfer tests on an ch341 arduino and had like 1 in a million bytes error. Not too bad but not too good either.

        1. Thats a 125 PPB error rate… pretty fucking horrible. Consider QPI, where 10 parts per quadrillion is considered unacceptable or PCIe G3 where 1 part per trillion is unacceptable.

          1. That would be a horrible error rate for an on-board protocol like PCIe, where the PCB designer has a high degree of control over signal transmission. An asynchronous serial port that is typically connected by unshielded twisted pairs is not like this. It is the physical layer of a communications system, and for a RAW error rate this isn’t bad. Raw data from a serial port should never be considered an error-free stream.

            Most likely, errors experienced even at 115200 bits/second are NOT due to the clock rate inaccuracy. [Max] says that 115200 bps through an Arduino UART is “almost out of spec”. We have another term for that: WITHIN spec. This is why we have specifications – they tell you how far off something can be without causing problems.

          2. “An asynchronous serial port that is typically connected by unshielded twisted pairs is not like this. ”

            But that’s not what’s going on here. The link is between a USB-to-Serial chip and a ‘328. There are no extra problems caused by transmission, it’s all in the timing error, because the Arduino *can’t* use an 115,200 baud rate exactly.

            http://wormfood.net/avrbaudcalc.php

            With a 16 MHz base rate, an 115,200 baud rate transmission is between 3.7% off from nominal, so you’re eating a huge percentage of your margin just because of a poor design choice (3.7% might not seem like much, but obviously that error stacks up until you can resynchronize). Swap the crystal with a 14.7456 MHz crystal, and hey look! That error goes away entirely.

            “Raw data from a serial port should never be considered an error-free stream.”

            Well… I mean, I agree at some level. But this isn’t exactly the same thing here. I mean, USB will basically never let an error through. And a UART link at 115200 that’s purely on board should really be basically error-free within the lifetime of the universe.

            There is the issue of “you need to verify who you’re talking to”, but that’s separate. Which is what the FTDI problem is. Getting a string of *complete* garbage is easy to detect. Getting a string that looks *almost* correct is entirely different.

            So the problem here is that the error is *entirely* coming from the Arduino’s crystal choice. It has a *designed* raw error rate, and that designed raw error rate is pretty high. And *dealing* with that error rate is pretty annoying, considering what you have to add to what should be an error-free link.

      2. I seem to recall this coming up with XBee’s, and the solution is to use the baud rate of 111111, which is the closest actual baud rate resulting from available divisors:
        http://www.digi.com/support/forum/4787/using-the-xbee-at-115-200-baud-updated-16-march-2010

        As for large transfers not going through … is there seriously no UDP/TCP/RDP-over-UART standard that has won out in this community? Something implemented in a plain C state machine that isn’t somehow linked to sysctls and ioctl’s, that can easily be ported to any CSP/BSP? Someone should really do that….

        CH340G is garbage because of the unsigned driver and shady download site. Cypress has a ton of USB/serial products, but their drivers are also a dysfunctional shit soup.

        1. “CH340G is garbage because of the unsigned driver and shady download site. Cypress has a ton of USB/serial products, but their drivers are also a dysfunctional shit soup.”

          Hence why the FTDI is cloned so much. They put the money and effort in to getting it right and others are trying to profit from it.

    1. Because what they’re doing is technically not wrong. Their drivers are designed to work with FTDI chips and the driver works flawlessly at that.

      It’s true that the driver won’t work with counterfeit chips, but that is not a requirement in order to have a publishing license. It would be akin to expecting an (insert brand here) driver to work for a (insert other brand) product.

      Sure, they’re deliberately breaking clone chips, but the real issue in my opinion is that the clone chips are using FTDI’s VID/PID. The counterfeiters could just as easily roll their own VID/PID and their own usb driver, and it would work perfectly.

      I agree that there is a chance that this will break existing products, but I think this is worth the hassle in the long run. If I’m paying for an FTDI chip, having a way to distinguish it from a counterfeit is good. If I want a cheaper product, I can get a non-FTDI chip with non-FTDI drivers.

      1. Exactly. I’m really surprised cloners are responding to this by just squatting an unused VID/PID and just releasing their own copies of FTDI drivers with the mod. The fact the are continuing to use FTDI VID/PID (IMO) is still a direct assault on FTDI’s product line and name recognition.

        Shame our international law is absolutely worthless against cloners like this.

        1. Scammers, by using the PID/VID on their cloned chips, are getting the full markup for the FTDI brand, including the reliability, testing, quality controls, etc that everyone expects. Most likely, they could not sell these chips at the same price they are currently getting for them because of that. Both chips likely cost the exact same to manufacture, but FTDI has the higher cost outside of manufacturing.

          This is supported by zeptobars in his post, which shows the cheap mask rom and combined layouts used. This design just isnt up to snuff. http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supereal

          Also, at the end, zeptobars talks to FTDI about sending the exact same data we are discussing now as an alternative to bricking the devices… It’s definitely better that the devices are getting bricked, but still shitty for the end consumer.

          Mike

          1. USB license fees would then also apply as wel as the Microsoft driver certification costs. I see no problem with the way FTDI works here. No wonder the clone chips are cheaper as they attempt to leverage the really costly things by free-riding FTDIs wagon. Making a device is cheap, making it into a product is not …

  4. The part that struck me the last time this came through: the FTDI “fake” chips were actually different technology rather than a straight up copy of the silicon. They just happened to use the FTDI driver as a sort of de-facto standard. Now, if FTDI doesn’t see the value in becoming a standard…well, someone else will.

    1. To be fair, there were some marked as FTDI, and fairly closely too. (I wouldn’t have known, but I only casually deal with the FTDI stuff.)

      It still doesn’t excuse the lack of a simple Windows USB-Serial class driver, which is what a lot of those other chips were using it for. (And why it just works in Linux. as do all the USB/serial interfaces I’ve dealt with, as opposed to trying to use them in Windows, from old cell phones, to current USB/Serial devices.)

    2. No, but people forget FTDI did borrow a community project to found their company.

      Note that Microchip, Cypress, and other vendors released chips after the first FTDI scam back in the late 90’s.

      We have an FTDI chip on some of our hardware up for revision, so I am pulling their expensive shit off the design roster as we speak. I am simply tired of their antics, and the mcu has the VID:PID from another UART driver already.

    3. The last time I checked with some of the Chinese distributors, they were burning firmware on 16 bit ARMs that emulated pin for pin, an FTDI. It was a drop-in replacement.

      Some of the chips stated that it was a “FTDI compatible chip” whilst some others just slapped on a FTDI silkscreen.

      With regards to the compatible chips; they aren’t counterfeit, nor are they deceptive in any way. Its that the deceptive ones got mixed in the shipments from FTDI (because FTDI makes chips too in Shanghai).

      Unfortunately, the best answer is to not play the game. MAX2221, ch340g, or others. Hackers don’t let hackers get FTDIcked

        1. Isn’t the MCP2221 the chip that inserts a 30µs Pause between 2 chars it sends out?

          That doesn’t matter much on low baud rates, but on 115200 you might start to notice throughput problems.

          Someone posted a link about this problem on the EEV-Blog forums.

    4. “They just happened to use the FTDI driver as a sort of de-facto standard.”

      Because they weren’t trying to be a competitor to FTDI. They were trying to steal FTDI name brand recognition to make a profit. Just like Gucci knock-offs say Gucci on them.

      1. Or because writing (and signing, and getting people to install) drivers is difficult, the USB-IF throws in another obstacle, and as mentioned before the FTDI-style interface is a defacto working standard that despite their intentions (and against their best efforts) is now bigger than just them.

      1. CDC is absolute crap and it’s a lot of the reason that this happens.

        If CDC were worth using then none of this would occur. The plain and simple explanation
        is that CDC is NOT worth using … at all.

    5. There already is a standard for USB serial. Has been since January 1999. It’s called “Universal Serial Bus Class Definitions for Communication Devices”.

      When I started Teensy in 2008, it’s what I implemented. LUFA and other projects had it too. It’s what Arduino used (thanks to LUFA) when they switched away from FTDI in 2010, when Arduino Uno replaced Duemilanove.

      Microsoft just recently started automatically recognizing this standard. They fixed long-standing bugs in their driver with Windows 10, and it finally loads automatically when you plug in any device which follow the standard with “abstract control model” for normal serial.

      Until just recently FTDI had the only really good serial drivers on Windows. Now that Windows 10 is release, and this terrible bug is finally fixed and Microsoft’s drivers load automatically, and USB microcontrollers are so cheap, there’s little incentive to keep using FTDI.

      https://www.youtube.com/watch?v=DRmvUsa2xuU

      1. The USB-IF chokehold on VID/PID frustration is still a big problem that is neatly sidestepped by using a premade USB-to-serial chip. Now, a lot of the newer chips use CDC and found it hard to gain traction because of the problems that existed with the implementation; and they’re definitely getting more attention in the past year because of the improvements you mention.

        I’d like the other half of the solution though, which is a reasonable way for any person to create a recognizable and resellable device that uses the USB bus and doesn’t require a $5000/year payment OR the appearance of sketchy fringe shenanigans like “use whatever you want.”

          1. Nah you don’t get a free VID with the logo agreement, you still have to buy a vendor ID separately. However, yeah, the echo chamber is in full effect. I knew the fees were $1500 and then $2000 only a few years ago, but recently people bandied around the $5000/yr figure and why would anyone just make something up on the internet, right?

          2. I think probably people were thinking the logo agreement was required, and mixing up the logo agreement and the VID prices. I put that info in my post to show “yeah there’s a recurring expense but A: the recurring expense is not required and B: it’s not $5k”

  5. Common users have no way to tell if they have bought a legit FTDI interface: they’re sold at euro/pound/dollar shops everywhere and not even the clerk will be able to give that information to the buyer, but the damages can be disastrous. I wonder if there’s enough wrongdoing for a class action lawsuit against those idiots.

        1. Hmm, no ? I cannot sue HP because one of their printer drivers doesn´t work with an Epson printer. If people want to use the fake chips, they just have to ask for the fakers to provide the necessary drivers.
          And I don´t know in other countries, but here people who buy from the dollar store know that they are buying counterfeit and low quality things, they just don´t care.

          1. FTDI knows what areas the counterfeits are used in and all that has to be proven is that they were aware of the risks and chose to act regardless. Indirect Malicious Intent… though they were not directly responsible for the situation the decision to act despite the potential for harm makes them negligent.

            Imagine workers are repairing a traffic light outside your house and (accidentally or intentionally) connect the light to your electric line… you recognize the fault and turn off the traffic light despite knowing it will increase the chances of an accident but don’t care because you dont want it running on your utility… you dont think you’ll get sued for negligence? The court will tell you that you should have been more understanding of the mix-up and should have waited for a repair crew instead of punishing innocent motorists.

          1. If the garbage data feature in the driver kills someone FTDI is responsible and this won’t just be a civil case but also a criminal case which means some people at FTDI may go to prison.

          2. Quote: “without having FULL traceability on every part”

            Having full tractability is just about blame shifting.

            Seriously, these fakes are entering the manufacturing process on reels and aren’t being detected until they end up with the consumer.

            How can *tractability* possibly fix that. *NOT*

          3. Alice,

            Actually FTDI will just get their weiners smacked a little. They will basically be asked to find an alternative route to securing their IP, in a way that isn’t destructive to products already in place. They have now done that. If the device using a fake FTDI can’t deal with garbage serial data, then it’s up to the designers to release a firmware update to cope with it. I see nothing wrong with what FTDI has done this go around, and while I’d be pissed to buy a product and find out it doesn’t work properly, I’d eventually stop buying products from the company who is manufacturing using counterfeit chips. If there’s a medical device that is responsible for keeping someone alive using counterfeit chips, you could sue the company who sold the device if it stopped working or caused a fatality as a result of not correctly operating. You can not sue FTDI for bricking or screwing with fake chips, regardless of merit. The driver’s are proprietary and their IP. They bought the rights to the VID, and so the drivers will function with real chips. They simply can’t be blamed. Refusing to buy FTDI is up to you or the manufacturer, and its easy to point fingers at FTDI, but no one is willing to take responsibility for buying shady counterfeit products. It’s their product, it’s their investment, they can do whatever they want to ensure only genuine FTDI chips work and anything piggy backing off their tools will have to know how to cope or stop working.

          4. @mcnugget- so you’re going to stop buying from 99% online retailers? No more Amazon, eBay, banggood or Alibaba for you… pretty sure I read something about some of the fakes coming through Digikey and if thats the case then they could have come through Mouser all the same.

            If you’re relying on ‘buyer beware’ then the only option is to buy direct from FTDI and, well… you can’t. Unless you’re buying 10000+ units. So good luck doing anything. Yourself. Ever.

  6. So if I design a system and validate it using original chips with everything working as expected, it would still be good practice to allow for that unwanted message – because I never know what is going to happen in my product life cycle. Well in that case – what is the point of that message.

    Isn’t it about time someone wrote an open source Windows driver for these chips? Or would it be better to change over to a chipset that is safer? Like the CH340, PL2303, CP210x?

    1. I’ve decided that FTDI simply can’t be trusted anymore. There’s no guarantee their little games won’t impact legitimate devices by mistake someday. The safest alternative as a designer is to avoid them like the plague.

        1. At least according to Prolific’s website, they didn’t just make their driver incompatible with fake chips, they made it incompatible with the chip model and revision that got cloned full stop – including genuine Prolific-manufactured chips.

        2. I didn’t know prolific was that aggressive. Now I do. All the CH340 drivers I can find seems to give my Mac-box kernel panics, and I could not be bothered to straighten that out. I have no experience with CP210x. Is that Silabs? Do they come in peace?

      1. Prolific did the right thing by their customers and their customer’s clients and that’s why the sh!t hitting the fan here is about FTDI who certainly did the wrong thing by their customers clients and by that proxy – the wrong thing to their customers.

        Prolific simply said – if it’s fake then we are not supporting it – plain and simple and that leaves no room for argument about weather what they did is right or wrong.

        On the other hand FTDI said well FU(K this equipment up because it has fake chips and in doing so set their customers clients against their customers.

        Now I expect that FTDI customers – the manufacturers using FTDI chip – will retaliate by abandoning FTDI.

    1. Straight from http://www.ftdichip.com/FTProducts.htm

      FTDI Chip offers a wide range of products including modules, cables, and integrated circuits. Driven by its chip development, FTDI’s product focus is on USB connectivity and display interfaces, which have wide applications across all market segments, including; industrial, consumer, PC peripheral, medical, telecom, energy infrastructure, etc.

    2. There may not be directly but we (biomeds) often need to use serial to sub adaptors to communicate with medical equipment for servicing – I have preferred to use ftdi based converters as the drivers have been more reliable than others.
      So far I have not experienced any ftdi driver issues.

  7. The best alternative of all is simply to avoid using all FTDI chips for any purpose. Even if you’re sure you’re not using counterfeit devices (and it’s unclear how anyone is supposed to insure that), there’s no telling when their shenanigans are going to backfire and impact legitimate devices by mistake.

  8. In my opinion a Message box that comes up on the screen would be more effective, and with far less chance of harmful side effects.
    The device would still perform the task it was needed for and the user would be informed directly not through serial communication they may not even know how to read.

    1. I like this better too, it informs the end user. But the message in serial would get the attention of the designer/developer, if they suddenly encounter this message in debugging and find out that they didn’t get the specified legit FTDI part in the product.

    2. Yes, a clear, end-user readable message.

      To be honest, I think it would be fair if the driver were then to shut down. And also fair if they offered me the option to purchase, at a reasonable price, a downloadable driver without the authenticity check. They get their lost income, I get to continue using my devices with minimal interruption, everybody wins.

      But nope, they’d rather do this in the most hostile and unproductive manner possible. I was willing to forgive the first time as a momentary lapse of reason, now they’re on my permanent shitlist.

      1. Ok, I see this suggested a-lot, but by those that don’t really think it through.

        a) (I could be wrong on this one) but I believe true hardware drivers can’t generate pop-ups in the operating system. Sure, installers can and companion software can, but FTDI is pushing just drivers via windows update. I don’t think there’s a way at runtime of the driver to generate system dialogs.

        b) Have you ever installed an updated driver to find the hardware stop working? What’s the first thing you do? Do you rip open your computer or device and check all chips for authenticity? What many people do, is roll-back to the last known working driver, curse the company for making a bad new driver, and never update the driver again. That does nothing to alert anyone to a bad supply chain.

        1. I think you’re correct that a driver wouldn’t be able to directly generate a standard pop-up dialog, through MessageBox/MessageBoxEx, as drivers don’t execute in a user session with a GUI attached.

          It can show a “!” icon, and an error message, in the Device Manager. It can also write to the Event Log.

          Granted, the average user might not know to open either of those to look for an issue. But I wouldn’t be surprised if Microsoft had some other official mechanism in place, to allow a driver to notify a user of an issue that needs urgent attention.

          Failing that, it’s likely the driver package could also include a standard executable, which the driver could launch in the current user session for the sole purpose of showing a pop-up. There’s got to be a way, even if it’s hackish.

  9. This undocumented feature could cause problems in everything from industrial equipment to medical devices.
    It would be a good thing if someone got hurt.( Not Badly.) or a industrial company lost a hole production line and decided to sue them. This is bull shit.
    Last time it cost me over $200 dollars. I had a audio mixer that went bums Up. and some lighting controllers.
    They were all name brand devises.
    Companies that do this or sell items that can easily be hacked that are supposedly for safety or life saving. Like the lighting system I put in the new Oakville Hospital In Ontario.
    Some board kid with a smart phone and a Bluetooth adapter can take over the lighting system. can also take over the zone lighting that they are in with a nearfeild interface in there phone.
    I Told them but they did nothing. I showed them and they still did nothing.

    The Oakville Hospital is open now. ( God I wish that I was a bad person and take over there lights.)

    This also includes the operating room lights.
    The system was a DALI system made by fifthlight.
    There is a nice pin header inside and the cpu is Arm processor inside. you can use a simple IDE to get into it and there are Evan some more in/out pins for you to use.( You know you try to help and they just spit in your face…The lighting was not the only thing that there is wrong with this Hospital. There are a lot of systems that can be hacked so easily…)

    Sorry I left the topic a bit. It just so sad that If some ones life is at risk they don’t care. They would rather pay out to scr#$ the few that are taking advantage of them.

  10. FTDI has no right to destroy other people’s property by bricking it. If affected people sued them, it would make similar stunters think twice in the future. As for FTDI guys, they should sue the counterfeiters, not brick devices that do not belong to them. And MS … what are they thinking? No sane customer is going to trust that OS for anything important, with bricking and forced updates that they are pulling recently.

    1. No… End users should complain to or sue the manufacturer who sold you a device that no longer works. If the manufacturer purchased devices from FTDI (or authorized distros) then the manufacturer can escalate the case to sue the distributor for not securing its supply chain. If the distributor bought the components legitimately from FTDI, then they should work fine, but in the event they dont, then the distributor should sue FTDI…

      You did not get screwed over by FTDI. You got screwed over by a manufacturer who used an insecure supply chain. That is where the liability lays.

      If you bought from a cheap ebay/alibaba knock off supplier, then you should have known the risk

      1. If Microsoft cared, they would include a driver that also works with the clone chips. Bug-compatible, you could call it.

        Making a compatible chip may well be legal. Maybe more legal than purposefully messing with the operation of legally purchased systems.

        1. Nonsense. FTDI’s first attempt at asserting their IP was wrong IMO. This one though? I’m ok with this. It breaks communication, the end-user will complain to the correct person (the one who made the device with the clone, knowingly or unknowingly) and hopefully it will cause that vendor to address their supply chain issues or design in another device.

          Either way, FTDI isn’t getting any money from this board sale, and they are ensuring that the clone’s misbehaviour (if any) does not reflect badly on FTDI’s name.

          Another commenter had the great idea that the driver could stop working and in some form (systray app?) notify the user that the hardware is a clone, offering a per-device fee for a driver that will work with the clone. FTDI gets back (some) lost revenue, the user is annoyed and potentially tries to throw that cost back to whoever made the board/device, and hopefully the board vendor fixes their supply chain.

          1. You have no problem with FTDI disabling chips this time, but have a problem with the last time?

            They disabled devices affecting consumers both times and affected the counterfeiters not at all. It spews garbage into the data (that software should compensate is of no consequence here.) and runs the risk of disabling consumers devices…

            Instead of making us jump through hoops to get fixed hardware, firmware and drivers start with getting the counterfeits off eBay and Amazon. If FTDI can’t get cooperation then I’m sure the lawyers can have fun suing for distribution of counterfeit goods and hurt them in the US court system.

            This is like curing an epidemic by killing off the infected and not seeking a cure or prevention methods.

      2. End user will never see the message the driver is sending, for them shit just broke. And if the manufacturer didn’t use fakes on purpose they would have to diagnose the problem for each client. That’s EVIL and stupid. Refuse to work at all (eject the USB device maybe?), show message if you can but not just silently send potentially dangerous spam over the port.

    2. No, the end user who bought a widget that won’t work should demand their money back from THEIR supplier.

      FTDI has absolutely NO responsibility nor requirement to do anything at all with a chip that claims to be theirs, regardless of who eventually ended up buying a widget that uses the fake chip.

  11. I got bit by this just this weekend. Bought a USB to RS485 converter on Ebay (from China). When trying to figure out why it didn’t work, I went to Hyperterminal for a loopback test. I got the NON GENUINE message. Wharblegarble. So I went out to my shop, found an old circuit board that I’d built with a genuine FT232RL, removed it from the board, removed the counterfeit chip from the ebay 485 converter, and then soldered the genuine chip in place of the counterfeit. The converter then worked right away. I am glad not to have to mess with the stupid drivers, but those dang liars on ebay…

      1. Nothing is wrong with buying on ebay. Although in this case he had way to much work fixing his new bought device. Better to revert to a known working driver version and perhaps avoid FTDI in the future.

        1. Naah, not too much work. Took me less than 10 minutes to swap the chip. I’ve bought/used 1000’s of FT232RL’s & FT232BM’s in a custom board that I used to sell – and I am set up to work with SMD IC’s. Back in the day, though, I bought all of my chips from an authorized US distributor (Saelig). I didn’t even think about fakes when I bought the 485 converter on ebay, it’s been quite a while since I bought any FTDI chips.

  12. Let’s step back from look at FTDI poisoning the community well. We’ve grown used to FTDI, and USB-to-serial in general, as the default way to interface light-duty processing hardware with modern computers.

    This should not be. Most of our little twiddly-blinky devices should have switched over to pure USB interface long ago. We should not be expecting an FTDI chip, or even a USB-to-serial chip, as a standard component of interfaced hardware.

    So, why is it this way now? OK, so some devices legitimately are native serial devices, maybe even with console monitor function, and serial works best. But do you really need to emulate RS232 to turn an LED and relay on and off? Not really. Is it hard to write code that works with USB? No, not anymore…I have been using small AVR boards for random USB tasks with libusb and it’s pretty simple with many advantages (for example, find the exact device you mean, rather than chasing TTY devices around looking for the right one).

    A primary reason, I think, is the USB-IF VID/PID system. If you put an FTDI chip in your device, then you don’t need to worry about that anymore. A couple extra dollars per device, and throwing away many of the advantages of USB, may be worth saving $5000 per year. Certainly if your sales are less than a million dollars per year, an extra $5000 expense for the purposes of satisfying some control freaks seems onerous.

    I really do think we need, yet again, to try to take over VIDs such as 0xF055 and find a way to keep the database decentralized. Alternately, forget the VID/PID and the USB-IF entirely, set them to some universal number (even 0x0000:0x0000 should work), and enumerate devices based on some other number stored in the device. I can do this even now on Linux.

    The alternate solution would be for USB-IF to smell the winds of change and release their deathgrip on the interface, but who wants to place any bets they’d do such a responsible thing.

    1. Where do people keep getting this $5000 per year number from? A VID is a flat one time $5000. The ability to use the logo is a bi-yearly $3500 and is technically optional.

      1. Even if it is one-time, it is way to much money for just a number and no option for small and hobby projects. There has to be another way – not necessary using serial bridges.

    2. I think it’s safe to say at this point that the 0xF055 VID will never be assigned, so it should be safe to use it.

      The real problem, which caused this whole fiasco in the first place, is the USB Implementer’s Forum’s monopoly on assignment of VIDs. The USB-IF was organized by a group of large hardware manufacturers hoping to squeeze out smaller manufacturers. Before USB, anybody could design an add-on peripheral that used one of the (actually) universal interfaces available at the time on PCs – the RS-232 interface that’s been standard at least since the 1960s, and the parallel printer interface. Never mind that USB is technically superior to both of these; the point is that by making the price of entry into the peripheral market insurmountable to most individuals, the USB-IF was instrumental in making computer I/O hacking inaccessible to a generation of hobbyists/experimenters. The USB-IF did make allowances for generic human-interface device devices (mainly keyboards and mice), and they could just as easily have done the same for RS-232 and parallel printer port adapters, but this was specifically what they were trying to prevent.

      USB-IF deliberately shut most of us out of access to our own computers, and they did this deliberately. Proof: the VID is a 16 bit value, which means that there can never be more than 65535 producers of USB devices, and they have stated that it is not legal for a company to buy a VID and subdivide the PIDs out for individual users. The initiation fee (I don’t know for sure if it’s $5000 or $3500 at this point, but I don’t care) is absurd, but is justified by the deliberately limited resource they’re selling. When you can register a domain name — which needs to be registered on every DNS in the world — for $10, but can’t get a number to talk to your own computer over USB, something is wrong.

      There SHOULD be a generic USB device class that provides the possibility of driverless communications on par with the serial ports that USB replaced. If there was, there never would have been the problem of counterfeit USB-serial chips because these (generic rather than “counterfeit”) would be as common as mice, and cost less than $1 each.

        1. “Do not apply before your project is published under a FOSS license!”

          See, even they’re trying to wangle something out of the deal.

          What if I wanted to make something to sell, rather than for being cloned by the Chinese?

          1. You’re kidding, right? They bought the VID, and they’re GIVING AWAY PIDs for it. They’re not getting anything from you. All they’re asking is that you pass on the goodwill. Don’t be a jerk.

      1. You sound almost as stupid as FTDI. You’re right, solipso probably never shipped a product that included FTDI parts. But there are certainly a large number of products that WERE shipped with these, whose designers are saying “never again”.

          1. I’m not talking about what people should do. LOOK at what people are saying here: there are two groups. One group is saying that FTDI is right, the other group is saying, right or wrong, I can no longer use FTDI parts. And I notice that the first group isn’t really saying that THEY use FTDI parts, either.

          2. @BrightBlue

            ” And I notice that the first group isn’t really saying that THEY use FTDI parts, either.”

            My job uses them and so does the wife’s. Number In the magnitudes of 4 figure of chips between us. Never had issues with fakes and still plan to use FTDI.

  13. I don’t think many of the engineers attacking here have every worked in marketing to understand the real issue here. Instead of discussing what FTDI could have done, let’s discuss what the cloners could have done.

    As Mace has pointed out, the clone chips are a whole different architecture, they are not copying FTDI silicon IP. They could have been really lazy, squatted a random VID/PID and just copied FTDI’s drivers, modified the VID/PID to match and released a true competitor to FTDI without relying on FTDI drivers. But they didn’t do that.

    Why? Because they don’t want to be competitors to FTDI, they want you to think they ARE FTDI.

    Because they don’t see profit in being a competitor to FTDI, as no one ordering large quantities is going to randomly buy a no-name competitor that has no brick-and-mortar support chain in place like FTDI. They want you to think you are paying the big bucks for a trusted name, trusted reliability and trusted support chain for a product that has none of the above.

    To anyone working marketing for FTDI, this has been war for years, they have been under major assault.

    To give an example of how important brand integrity is, let me tell you about my relative. He took a job for a while as a big brand repair tech. Let’s say Samsung. During his training they had to take apart brand new $2000 LCD TV sets to the motherboard and put them back together. They were judged on how well the TVs functioned after this process. Then, all the TVs were thrown out. Even if they worked. All 20 techs in the class, in a class repeated every month, TVs were thrown out. And a guard was stationed 24/7 at the garbage can so no employees would take a TV home. And companies do this for all their electronics used for training! Think of all that e-waste.

    Because Samsung would rather eat the cost of these TVs, then risk a single one ending up on craigslist, sold and then failing after a month since QC is useless once the TV was taken apart. That could be one customer that would swear never to buy Samsung again, and the brand is tarnished.

    That is how marketing people consider the importance of brand recognition. I polled my office and the Wife’s (2 different tech labs) after the last FTDIgate and none of the veteran engineers batted an eye, and they still use FTDI, because it’s FTDI. It works, well, and has for years.

    1. I disagree. First I will reiterate what others have said: these are NOT cloned devices. These are USB serial interface devices that were independently developed. I’m not crying for the makers of these counterfeits — and they ARE counterfeits because they are marked “FTDI” — but FTDI has only been able to sell their chips for a premium for so long because of the exclusive club they belong to, the USB Implementer’s Forum. If not for the fact that USB-IF actively works to keep small companies out of the USB business, a basic serial interface would have been included as a generic device class, just as the keyboard and mouse interfaces were, and no way in hell would anybody be paying more than a buck for a serial interface chip. Nobody cares about competing against FTDI. What they DO care about is being able to make a device without the huge initial costs of making a USB-interface device, and the counterfeiters have gotten around both the VID/PID problem and the Microsoft driver signing problem at the same time by making a chip act a lot like an FTDI chip.

      Somebody mentioned the possibility of a class-action suit against FTDI, but I think what would be more appropriate would be antitrust action against USB-IF.

      1. ‘FTDI has only been able to sell their chips for a premium for so long because of the exclusive club they belong to, the USB Implementer’s Forum’

        What a load of bollocks!!!

        Seriously, you think this is all about a one off $5000 USB fee ???!!

        Any company that has the funds to have a fake chip fabbed can afford $5000 to have their OWN chip included in ‘the club’, doing things the right way !!

        What is REALLY happening is these fake chips are riding on the back of FTDI’s reputation, to the point where they are claiming to BE FTDI. That is flat out illegal no matter which way you dice it.

        FTDI are the defacto because they were pretty much the first to the game with a simple, effective, reliable chip. It still is if you buy from a trusted supplier.

  14. I blame Microsoft for failure to come up with an open standard for USB to serial adapter. Prolific and FTDI just took advantage and make their own monopoly sandcastle.

    But injecting unwanted serial data? Come on! Who knows what “NON GENUINE DEVICE FOUND!” will do? It could be a serial device that someone put together to control power equipments. Why can’t FTDI just launch a dialog box and refuse to work? I feel that FTDI won’t get its MS certificate for its driver if they do that.

    What I don’t understand is how come there is no such problem with things like USB HID like keyboard, mouse or even joysticks. How do they achieve plug-and-play?

    1. “Why can’t FTDI just launch a dialog box and refuse to work?”

      Copying from my response from above:

      a) (I could be wrong on this one) but I believe true hardware drivers can’t generate pop-ups in the operating system. Sure, installers can and companion software can, but FTDI is pushing just drivers via windows update. I don’t think there’s a way at runtime of the driver to generate system dialogs.

      b) Have you ever installed an updated driver to find the hardware stop working? What’s the first thing you do? Do you rip open your computer or device and check all chips for authenticity? What many people do, is roll-back to the last known working driver, curse the company for making a bad new driver, and never update the driver again. That does nothing to alert anyone to a bad supply chain.

        1. There’s no need to create additional pop-ups. Disabling instance of driver with error message “Driver doesn’t support counterfeit hardware” both in event log and device status surely will do.

  15. Please stop crying, if you own a device with a fake FTDI chip you payed to little for the device (and you knew). And WTF are some beeping about the medical devices with fake FTDI chips:

    1) There is FULL traceability of components in medical devices, and if not: they deserve to go bankrupt.
    2) If a medical devices manufacturer is sourcing fake FTDI chips (ea they dit not sourced from FTDI resellers) they deserve to go bankrupt and die as well!

    1. For your points 1 and 2, yeah maybe. In fact, probably.

      But assume that through some unfortunate chain of events FTDI has bricked a device that, if operating correctly, would have helped save a life. Does that person deserve to die?

      1. This line of thinking is ridiculous. What if a pirated copy of Windows 7 suddenly deactivated at that critical moment. What if Windows 8’s activation screen came up at the very moment between when the radiation dose was administered but before it was shut off? Think of the children!

        Medical devices require full traceability on all components. Critical infrastructure shouldn’t have automatic updates turned on in the first place. If your model rocket launcher can’t deal with incorrect data coming in on the serial port then you’ve got a terrible design. Stop making excuses as to how this is terrible because the fact of the matter is that FTDI has struck a balance between allowing clones to use their driver and outright killing them on sight (which I disagreed with, not that I’m anyone).

        1. You’re ignoring the actual question and instead trying to talk down the risk this happening, or assuming that some designer of a medical device wouldn’t make a mistake like that. “Shouldn’t” is not part of my question. That time is long past…mistakes have already been made and incorrectly source equipment is already installed.

          Unfortunately, we live in the real world of what is and what isn’t, not what should and shouldn’t be. We live in a world where sometimes your life does depend on a machine operating properly, and those machines are design by fallible humans. If you choose not to ignore my actual question, here it is again: if a person dies because FTDI bricked counterfeit hardware, did they deserve to die? And by extension, is this an acceptable cost to FTDI protecting their brand?

          If you still agree with FTDI, then you and I have different ideas regarding ethics in engineering. We don’t build bridges that activate a car-sized trapdoor if you didn’t pay the toll.

          1. I’m not answering your question because it’s a ridiculous strawman. Any of my scenarios are just as likely as yours, and in the end the onus is on the device manufacturer to ensure they are using the devices they specify, not on the part manufacturer to ensure compatibility with an unlicensed clone.

            It doesn’t matter that there are thousands of devices out there, again it’s not FTDI’s doing nor on their backs (ethically, morally, legally, whatever) to ensure these devices which they have not had any part of (literally!) continue to operate with their software. The onus is on the product designer and the end user together, *especially* when you want to play the “save a life” card.

            This isn’t about ethics in engineering, at least this time. Their bricking of devices went too far, IMO, but this strikes the right balance.

            Even better would be the idea that another commenter brought up of a device driver detecting a clone and providing a mechanism whereby a paid license could be purchased to “activate” the device driver’s use with the clone. I suspect, however, that this opens up a HUGE can of legal worms if something bad were to happen and a life were lost, as your example goes. In this case, FTDI probably does have some kind of culpability since money was exchanged and some level of operation or service expected. The real world *is* difficult, isn’t it?

          2. “The onus is on the product designer and the end user together” Ok wait, so you’re saying that my local hospital should pop the hood on their next batch of devices and try to see if any silkscreen looks dodgy? Or maybe even that as I’m brought into the ER pumping blood on the floor, I have to say “Hold up…” and drag myself over there with a screwdriver and ask to see their records of component sources?

            It’s disturbing to me that you skip past the actual event of injury/death and go right to whoever would be liable as your main concern.

          3. Come now, you’re not actually that thick are you?

            No, I’m not expecting the hospital to pop the lid and look. I *am* expecting the hospital to source their equipment from vendors who can prove full traceability of the parts in their devices, have the documentation showing the relevant industry design and assembly guidelines, function and verification testing and MTBF calculations have been performed and passed, and who are able to sell such medical equipment in the first place. I expect the hospital IT departments to absolutely and provably disable automatic software updates, and probably be on a completely air-gapped network to start with.

            Stop trying to jump right to “what if someone dies” when there are eleventy-seven different hoops to jump through before your hypothetical device would get anywhere near a patient requiring its use to save his life! Your argument is simply invalid!

            You jump to a “possibility” that is so remote that it’s more of a worry to figure out what the equipment would do with a severe static discharge (which is part of the design and verification testing stages mentioned above). I skip past your scenario because on the list of possibilities, it doesn’t even register. I jump to the liability because that’s exactly what is preventing your scenario. Nobody wants their cock on the block should the hypothetical device get made with a clone chip, which is exactly why all that testing, documentation and locking-down goes on in the first place.

            Now you want to talk about non-medical implications? Perhaps the model rocket launcher kit someone might buy? We deal with these kinds of risks all the time. An automatic driver update killing access to a serial port (and causing unexpected text to spew out of a serial port) is unexpected, but so is a garbage character from ESD or perhaps a device which gets damaged due to static or an overvoltage or reverse-voltage condition.

            I think your argument is that this breakage is intentional, whereas the other scenarios are not. My argument is that FTDI is well within its rights, as unpleasant as they might be to people impacted because their favourite device has a clone chip in it. That’s a point where we will have to agree to disagree on, but your scenarios for loss of life are as arbitrary and manufactured as my Windows 8 activation screen at an inopportune moment one is.

          4. There’s a lot of people saying you should have coded round this garbage output. Sure, you might get a bit of garbage every now and then when you connect. But for many applications that’s ok – you just reset it and try again. Say it even has a horrific – 1 in 10 failure rate. It’s very unlikely you’ll need to retry more than 5-6 times.
            Very few situation – even in safety / life suport type scenarios – need it to work 100% first time, so failing to handle the odd but of garbage in transfer probably isn’t a huge issue for the vast majority of cases.
            But FTDI’s update means it’ll never work, and that’s an entirely different issue. Re plugging it and resetting it won’t make any difference. They’ve effectively killed the device.
            Plus, there’s a fair number of companies who might have picked a simple “I’m here” code from the software which occurs in FTDI’s string.
            Forcing it through MS update is particularly evil, as it’ll teach people that it’s not safe to run “security” updates – leading to worse problems.

    2. What about the following case:

      The device itself just uses a normal serial interface, and the hospital uses a USB->Serial cable that the penny-pinchers in accounting went with the cheapest ones because the cables are just cables, right?

    3. This is bullshit. The fact that somebody somewhere along the line bought a fifty-cent chip instead of an eight-dollar chip doesn’t mean that the savings got passed on to me.

      I do own a device that I “paid too little for”, which probably has a counterfeit FTDI chip on it (an Arduino Nano clone), but at the time I bought it, there was nobody (least of all FTDI) saying “beware of fake FTDI chips – here’s how to avoid them”. So am I supposed to just never buy anything that costs less because it could contain stolen intellectual property??? Your argument is ridiculous.

      1. ” So am I supposed to just never buy anything that costs less because it could contain stolen intellectual property”, well… ermm, something like that. You CERTAINLY should go back to whomever you bought it from and get your money back.

        If you bought a DVD on fleaBay for $3 and wa missing the last 10 minutes of the movie would you seriously blame Universal Pictures !!???

        1. I don’t know how many times you think you should repeat that “last ten minutes” argument, but there’s a big difference: with a badly-made DVD, I know as soon as I try to play it. With a chip that has worked for several years, then suddenly stops working because of a driver update, I have products out in the field that are way out of warranty, and in any case, 1) I had no way of verifying authenticity when I bought them, and 2) I have to eat the cost of shipping, rework, and the replacement parts. And I want to say again, the counterfeit parts are in the mainstream supply chain – even if you pay full price, there’s no guarantee that you have authentic parts.

          1. If you have no way of verifying authenticity then you are using bad suppliers. fleaBay doesn’t count. Any self respecting quality supplier will have quality standards certification coming out of the wazoo, even those in China.

            All I see here on HaD is a bunch of cheap asses who think that buying something cheap is a good idea, regardless of where it is from, then bitching because they aren’t getting quality and/or support from a manufacturer that didn’t supply the chip in the first place.

            If you are building a serious product then your supply chain quality is your responsibility.

          2. I used the example because i think it is relevant to multiple posts. If you don’t, fine. I don’t think there IS a difference between the fundamental FTDI case and a bad DVD. It is all about quality. Your DVD might ‘go bad’ due to delamination and destroy your nice shiny Blu-ray player. Quality. that is what buying FTDI gets you.If you can’t be bothered to ensure your supply chain is using quality, genuine parts.

            I manufacture products in China and go to great lengths to ensure our products are quality builds.

          3. @Steve C
            Even biggest parts distributors might have fake parts in their stock. It happens with transistors, op-amps, voltage regulators and other small parts. Why, oh why it can’t happen with FTDI?
            Your DVD example is moronic and meaningless in this context. If you are buying something too cheap to be good, then you are buying fakes. What if you bought part from respectable distributor that doesn’t know that one in ten of their parts is fake? And if you want to cheat Universal Pictures by buying cheap DVD copy of their last Blockluster from China, then why don’t you torrent it instead? You still will be stealing, but at least you won’t spend money on it…
            Also you should read this: https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal

  16. Quote:”Right now, the only option to avoid this undocumented feature is to either use Linux or turn off Windows Update.”

    There is another far less painful and far less risky solution – don’t buy anything with FTDI chips in them.

    Most of the ebay Arduino clones use a CH340 USB serial bridge now.

    I won’t touch *ANYTHING* with *ANY* FTDI in it now and I am sure most others feel the same.

    I only got caught with one device that had a fake FTDI chip and that was a PIC programmer that I will throw out because it has issues not-related to the FTDI chip.

    1. Yeah.. screw FTDI. I’ve had units bricked in the middle of my kids STEM arduino robot workshops making kids cry and parents swear.

      What are people to do about phones, cameras and MP3 players that use these chips? Break them?

      I’m done with them. I’m only buying arduinos with either ATMEL 16U2 (for more complicated bidir/USB classes) and CH340 devices for on-the-cheap/kid-robot workshops.

      For those wanting to know more about these various options:
      https://www.reddit.com/r/arduino/comments/3a32f6/arduino_uno_16u2_or_ch340/

      Tweeks

      1. If you bought a DVD on fleaBay for $3 and was missing the last 10 minutes of the movie would you seriously blame Universal Pictures !!???

        Seriously, GO BACK TO THE PERSON YOU BOUGHT THEM FROM FOR A REFUND!!! Quit blaming FTDI because you were too cheap/lazy to be bothered blaming the REAL culprit.

  17. I dont get the noise.
    Why on earth should FTDI support counterfeit chips?
    They don’t make them, they don’t have a clue on the real hardware in the chip and performance.
    Every device that acts flaky because it had a pirated chip in it tarnishes FTDI’s reputation.
    People talk about medical gear and how this could endanger lives, how much worse a flaky pirate chip is then?
    Better for the mfg to find that their supply chain is contaminated while testing than by a hard to pin down malfunctions and glitches due to pirate chips.
    This is far better than bricking, as there’s clear indication of the reason for interrupted operation.

    If a product you bought stops working because it has a pirate chip, then blame the mfg that tried to rip you off with a pirate chip. I see a lot of refund claims for “FTDI”-cables sold on ebay.

    1. Testing is difficult enough to do properly. Looking for undocumented calls is much more difficult and maybe illegal thanks to tactics like the DCMA.

      I think the Windows analogy was good. FTDI is closed like Windows. Windows popups waiing for user intervention and updates were contributing factors of us replacing our servers with Linux.

      Like my choice to not purchase windows for my children’s and my computers and use an alternative, Linux, so will I lookfor an alternative for usb to serial.

    2. FTDI supporting counterfeit chips would be to fix a counterfeit chip bug in the driver. Letting them be is not supporting. Bricking the chips and messing with the data streams is malicious toward people who can’t verify their chips in any way, especially before buying. And since FTDI themselves can’t be sure what their distributors sell, FTDI is being a brick here.

      1. Agreed if the driver simply did not work that would have been ok as any device containing a fake chip would be assumed broken and pulled or the driver assumed broken and rolled back but injecting text in the the data is just asinine as most software is not written to deal with that.
        It may ignore the extra text it may not work at all or it may act erratically.

    3. I doubt that anyone would say that FTDI should support counterfeit chips. However, FTDI is punishing the victims. Also, undocumented “features” are bugs. Intentionally introducing a bug in one’s software is dastardly—and will not fix the counterfeiting problem.

  18. For a UART-USB converter, I suggest using the CP2102 breakout that can get for less than 2 bucks on aliexpress in single or volume quantity. Don’t bother using counterfeit FTDI or Prolific with so much stressful resolving driver problems.

  19. This isn’t quite as bad as their last stunt because it doesn’t overwrite the PID on the device itself and stop it being used with other drivers (then again, my opinion of FTDI has been so low since that incident that this one barely registers). Also the article isn’t clear about whether it’s the incoming or outgoing stream or both; filtering the string “NON GENUINE DEVICE FOUND!” from the incoming stream would be trivial, I really can’t see why they bothered.

  20. I think FTDI are punishing the wrong people. Years ago I purchased “Maxim” power supply chips from a respected supplier and they were fakes.
    It cost us plenty to fix the problem, but not enough to warrant us paying exorbitant lawyer fees to get refunds. I sent some of the sus chips to Maxim for tests. Later, we also had a crook batch of OpAmps.
    Fairly recently I had the job of replacing about 800 LF353 chips in a customer’s product as the assemblers of that product got stung too.
    When I buy chips, I buy them in good faith that they are real. This is a big problem, and some suppliers are not as good as others. Accountants make decisions based on $$$$ so I suspect they think it a good idea to but as cheeeep as they can.
    In out time we have had a few “Grey Market” parts supplied, and from various suppliers too. One was BD139 transistors that were packaged with their pins the other way around. Fortunately, our supplier found out in time to alert us and they replaced them with real parts.
    It only makes it worse to have the “genuine” manufacturer kill your product. Let them chase the crooks, not punish the victim.
    I for one would not knowingly purchase a counterfeit part, but maybe foolishly, trust the description as being what it is.

    1. could this have been a MAX745? I tried to build a LiPo charger with one of this and did not succeed. I did not think of counterfeit chips these times, as I bought them from farnell or rs-comp.

    2. So, how is the fake FTDI behaving different in its environment any different to a transistor with swapped pins behaving different in its environment??? Just because one has a software component to it that CAN make it behave correctly is completely irrelevant.

      If your supplier gives you fake chips change supplier. It is that simple !!! How in Gods name does changing the chip fix the root cause???

      1. Here’s a root cause for you: counterfeits don’t just appear at random. They are targeted at parts that have extremely high margins. FTDI has continued to sell their products at exorbitant prices, long after they’ve recouped their development costs. Yes, that is their prerogative. But it’s also an invitation to counterfeiters.

        And to all of you who are saying, “you know you bought a fake if you bought 10 for $1.50”, this may be true, but if you paid $8 for it, you don’t know you got an authentic FTDI.

        1. Ahh, OK then… they should just let people continue to make money of THEIR work (and sully their reputation in the process with sub-standard devices) just because, well, what?? they have recouped their costs (you assume)

          If you bought a TV from BestBuy and it stopped working you would take it back. If enough people did this then BestBuy would stop stocking that particular TV.

          Don’t blame FTDI because you can’t be arsed complaining to YOUR supplier.

  21. It’s basically the same problem as “counterfeit Arduino”.

    They’re ripping off the FTDI brand, using their name, their logo, their legally-protected trademarks.

    If you are able to sell an alternative product which you claim is drop-in compatible, which is just as good, just as reliable, with the same functionality and a significantly lower price, put your own name on it. Provide your own drivers, and support it yourself and stand by your own product.

    If it is genuinely good, and usable and just as reliable at a lower price, they will come.

  22. Some counterfeit Arduinos also have similar defective “fakeTDI” chips or their equivalent.
    I had this happen here, fortunately maintain an old XP standalone system which still works fine.
    It does raise a fair point, if FTDI want to regain consumer trust they need to start accepting counterfeits
    and offering a one-time-use code to order a genuine Arduino/USB to serial converter at a discount.
    Maybe have people send just the board so they can keep the 328P etc as this is typically genuine.

    Relevant experience, Kingston identified my flash drive as genuine but faulty and are now replacing it NQA.

    1. And just how the hell is “genuine but faulty” even remotely relevant !!??? That is simply good customer support, not supporting a non-customer who tried to be a cheap ass and buy something pretending to be from us.

    2. The fakes may not meet all the compatibility criteria and could be flaky in some applications as the implementation is completely different so I can see part of their point.
      But how they’re going about handling the problem is wrong on so many levels and could do more damage to their brand then the counterfeit chips.
      Instead they need to do is approach suppliers and educate them on spotting the real deal.
      Maybe distribute a testing tool to manufactures distributors that can detect the fake and then going after the companies who make the fake chips
      There are still going to be fakes in ebay Arduino clones though one thing they could do is limit a detected fake to 9600 to 19.2K baud this is still fast enough for that application.
      It’ll still work but not as good as the real deal.

      1. The way FTDI are detecting the counterfeits is that out-of-spec writes to the EEPROM that would have no effect on the genuine article work on the counterfeits. There’s pretty much no way you’d come across that by accident, especially not once the chip is installed in a critical application (since EEPROM programming for these chips is generally done once at product manufacturing time).

    1. Well, that’s one solution. Another one is “All the problems that you don’t have when you don’t use Windows Update”… (note: while I can’t guarantee to you I’m not infected with anything – neither can you, WU or not. However, I absolutely can tell you my state has been indistinguishable from being not infected for decades of never having used WU – that’s good enough for me.)

  23. What every comment fails to address is that FTDI designed a driver to brick or scramble output on other devices. Not supporting or even not loading drivers for fakes is great, writing a specially engineered destructive trojan into the driver is another story completely. If you don’t like fake Rolex watches sue the wearer or file a police complaint if you like, do not send out mercenaries to the mall to bolt-cutter them from the wrists of the wearers when they reach for something on a store shelf(driver DL analogy). This is a directed attack on other’s property, even if that property may be infringing a court of law is the only remedy allowed in a world with rule of law. No privateers sail the seas raiding container ships looking to punish for fake Gucci and Nike do they?

    1. A better more responsible solution would be to limit the fake to 9600 baud.
      No kids and teachers will be crying their science project no longer works and they don’t have to worry about a supposed fake chip failing at 2Mbit and making their product look bad.
      The scrambled data could make things worse as many users who have a fake my not view the serial output and assume the serial chip or the driver is defective.

      1. I think you misunderstand the failure. It’s not that the counterfeit chips don’t work, or don’t work well. It’s that they work just fine, until you do the Windows Update, at which point your kids’ projects no longer work right.

        THINK OF THE CHILDREN!

        1. Oops, never mind – I thought your response was to the original comment about kids projects not working. But still, your solution won’t work, because the project is expecting the chip to run at the rate they programmed it for, so if the project using the fake FTDI chip is running at 9600 and the PC it’s connected to is running at a higher speed, the project still doesn’t work.

  24. Is anybody still using FTDI chips, seriously? Why would you do that to yourself and your users after their first stunt? It’s not like there are no alternatives, that actually are better, cheaper and don’t fuck with you.

    1. If you are not making a product, but only one device for personal use, you don’t need to use USB-serial bridge, because many microcontrollers have USB peripheral. It solves clocking problems too, because USB peripheral uses either 24 or 48MHz clock, so there is no need for odd crystals. And you can use manufacturer’s VID for your prototype. If you are going to make a product, you can purchase VID and use it for everything you are going to make in the future. In both cases you don’t need to buy any interface bridge chip, FTDI, FakeTDI or other. People are not doing it because USB is a tiny bit harder than UART…

      I wonder, what would happen, if FTDI make a mistake in future driver update and recognize genuine chips as fakes? If I were a manufacturer of such devices, I’d rather make my devices less expensive than risk pissing off end users and manufacturers that use my devices in their products. It’s bad for the business.

      After I was burned by genuine fake PL2303 chip (I was sure it was genuine alternative to FT232, which was a bit too expensive for me), I switched to CH4301 and MCP2221 (that one is almost half the price of FT232 here)…

  25. And people still use FTDI ?? .I will NEVER buy a FTDI chip again. I can’t take the risk. I make a lot of tooling for ASML, and what do you think those guy’s are going to say when their tool suddenly stops working. Since Dave’s Rant, I learned the arrogance of FTDI. There are a lot of fine USB chip which are much cheaper and do the same job.
    When everybody stops buying FTDI they can do 2 things. undo all the bullcrap bricking, and go down in price so that there are no fake chips anymore. or go bankrupt.

    1. Or… how about this idea… buy from an authorized distributor instead of 10x for $1.50 from fleaBay !!!???

      If you bought a DVD movie from China for $3 and it was missing the last 10 minutes would you blame Universal Pictures???

      1. I would not blame Universal Pictures at all, BUT I would if the next time I tried to play a Universal Pictures DVD in my machine they bricked it!

        Oh, I have 16 x DVD cabinets with about 50 DVDs each, and they are all original. I’m against pirating. It is a bit scary to count them and realize how much I’ve spent on DVDs over the years.

  26. FTDI is punishing the victim, not the villain—again. So, it seems that it would be best to avoid using FTDI chips in future products because you don’t know when FTDI will have another petulant outbreak.

  27. FTDI’s solution benefits neither the end-user or nor FTDI itself. Counterfeit chips are bad for quite a few reasons, I’m sure, but generally because they represent lost sales for the genuine manufacturer and because poor quality parts pretending to be the genuine article tarnishes the company’s image. But counterfeiting harms consumers as well; some, maybe most, of whom don’t know they have a fake chip and feel punished and angry when their devices stop working.

    Some commentors have pointed out that FTDI has no obligation to produce drivers that work with counterfeit chips. While this stance does make some sense, the problem lies more in the fact that FTDI’s driver DOES supports counterfeit chips (if only well enough to screw with/brick them). Even a year ago the driver still continued to communicate with a counterfeit chip, sending commands meant for writing the eeprom on a genuine chip. Those chips aren’t authentic though, and making them send junk data on the UART totally misses the point of the “crappy fakes devalue the brand” argument. FTDI only knows that an authentic chip will dutifully send the “NON GENUINE DEVICE FOUND” string, but this is a fake, for all they know it could search continuously for that specific string and replace it on-the-fly with something a bit more nefarious. Talking to an unknown chip like that is dangerous and irresponsible; for liability reasons FTDI’s driver shouldn’t do it.

    Is FTDI legally liable for knowingly messing with a fake? Complicated to answer, but why take the risk? Are customers in the wrong for being angry when the driver messes with their stuff? Well, they are going to be angry at FTDI anyway, right or wrong! Angry people don’t make good customers. Heck, the end-users who actually wanted conterfeit chips will just continue using the chip with the older driver, or the linux driver anyway. The best solution for everybody is to just have the driver not talk to fake chips in the future. No more of this shotgun approach to rooting out fakes.

    1. The answer is simple. The FTDI driver, if it identifies a fake FTDI chip, should just not install the device. It shouldn’t actively disable the chip (like the older driver did), or inject fake text (which the current one does); it should just not work. Users will discover that they can’t talk to the chip, and have the option of either using an older version of the driver (that FTDI still publish), changing the chip for a real FTDI chip, or sourcing/writing an alternative driver.

    2. I personally agree that the better action on the part of FTDI would have been to have the driver simply refuse to work with chips that it determines to be fake. I suspect, however, that there would still be cries about how FTDI would be killing kittens, spoiling dinners, etc. because their driver //used to// work with well-executed fakes, and so therefore //should// still do so. That’s an argument I personally reject: that’s essentially asking FTDI to support, or at least attempt to support, all devices that masquerade under their USB.

      On the other hand, the primary damage that FTDI sustains from fakes is a loss of revenue. But, FTDI deciding to spend even MORE money to fund R&D activities to develop driver software to detect fakes, and then act in a unique way (whether or not intentionally damaging), is “throwing good money after bad”. I agree that it’s a bad idea for liability reasons as well, but hard to imagine any real penalties being levied against FTDI – the fake, after all, was not an ‘accidental’ one. Rather, it pretended to be an FTDI chip.

      I agree with Runeswagger that it’s not worth the risk for FTDI to mess with the fakes. I will go a step further and hint that FTDI is wasting their money and resources to behave in this fashion. It would be better spent on providing a less risky and/or obnoxious means for contract manufacturers, test houses, and end-users to identify fake chips. For example; a utility for windows, Linux, MacOS, etc. that identified devices as genuine or not. Such an action might be perceived as an ‘olive branch’ that, likely, will be sorely needed as FTDIgate II unrolls.

  28. I’m planning on pulling FTDI from all future platforms that are being designed, either at work or at home. I don’t want to be the police for FTDI and worry that my designs will be trashed on their whims. FTDI created a new market with their designs, but there are lots of alternatives now.

    I am not sure why chip vendors are selling their chips as FTDI brand. Does the end user care if the chip says FTDI as long as it works? If the chip was sold under their own brand, as a compatible replacement, FTDI would have no grounds for breaking the driver, especially if it is provided as an update by Microsoft. Copying form, fit and function is perfectly OK as long as the IP from the original doesn’t get used.

  29. FTDI has full right to protect their interest but i dont see their latest gesture deterring pirates.
    There is no way to know if i am buying a authentic FTDI chip in Indian local market. And for buying low volume from mouser or Digikey i need to pay 40$ shipping +25% indian taxes so its better to avoid FTDI all together and go for CH340

    1. Why oh why is everyone trying to fix their issue in the wrong place???

      If your supplier provides fake/non working FTDI chips what makes you think they won’t with the CH340??

      Would you trust the fake CH340? What if it damaged your computer USB port through say, over voltage stress? Would you then blame Olimex???

      1. FTDI should provide secure channel to buy their products. Its not possible to buy low volume, no reliable distributor supports low volume sale.
        CH340 is dirt cheap i dont think someone will clone it. In case of over voltage we will protection in place like ferrite beads.

        As of now seriously considering to shift to MCP2200 or TUSB3410

        1. You missed the point.

          FTDI is not the problem, the manufacturers ans supply chains are. Why would you buy ANYTHING from a source that provides fakes?

          If a CH340 clone can be made cheaper, then it will be. I have seen fake FETs !!! Again, the issue really is about quality. FTDI provides quality, fakes don’t.

          FTDI DO provide secure channels… they are called distributors (Digikey, Mouser, Avnet etc…) If these suppliers start selling fakes then A) they loose their reputation and B) open themselves up to being sued. fleaBay is not a quality distributor.

          1. Why are you assuming that I am buying from a source which is selling fakes? Even the big shots like Sparkfun got duped! My concern is what to do if i get counterfeit chips through genuine source? Suing anybody is not a option for small player like me! Avent arrow do not support below MOQ. And as i said mouser and digikey do not workout in indian market!

          2. @ Suyog

            “Even the big shots like Sparkfun got duped!”

            I assume you are referring to the fake Atmega chips, which Sparkfun admitted they bought from an untrusted supplier from China. That kind of proves our points. Does anyone have actual examples of poisoned FTDI supply lines from vendors Digikey/Mouser?

          3. @[Steve C]

            I think you have missed part of the point so to speak and that is how these things are ending up in products.

            It may not be a *supply chain* issue at all. It may be someone (a thief) switching a reel of genuine FTDI’s with a reel of fakes in the factory. They can then sell the originals at a higher price to someone that is more selective to ensure they *are* actually real FTDI’s.

            Ironically it may be that very same dealer of *genuine* FTDI’s that sold them to the factory in the first place.

      2. People are fixing the problem in the “wrong place” because FTDI is trying to fix it in the wrong place. Where is the right place? Can you point me to a distributor who will sell me five chips, that you KNOW will be authentic?

        People are fixing the issue in the most effective way – by designing out FTDI.

        Also, on what basis would you expect a fake CH340 to produce excessive output voltage? And on what basis do you think there are fake CH340 chips out there? They are not expensive enough to catch the attention of counterfeiters. Your suppositions are ridiculous.

        What is YOUR idea of the right fix?

        1. Digikey, Mouser, Avnet… RS, Newark,

          If THEY sell fakes then they will back them up with replacements, apologies, investigations and banning of their suppliers.

          “Also, on what basis would you expect a fake CH340 to produce excessive output voltage?” I think you totally missed the point. Fake ships are cheaper for a reason, and that reason is quality. I was using the voltage as an example of a potential failure mechanism of a fake chip. I have seen fake FETs with absolutely insufficient thermal capabilities which if used in high power applications would easily overheat.

          “Your suppositions are ridiculous” Realy???? They aren’t suppositions. I have seen (in my hands) fake FETs which cost pennies, so I think it is you who is being ridiculous in your belief that just because something is “cheap” means it won’t be copied. I have even seen ‘fake’ name brand 0.1uF 0603 capacitors. How much do you think they cost???

          I don’t think there is a ‘right’ fix that won’t have people up in arms. If the drivers simply stop working with fake devices then people will STILL complain. They are trying to find a middle ground and still everyone says FTDI are evil for wanting to curb the sale of counterfeit devices.

  30. The previous bad driver wasn’t really removed from Windows Update. I rebuilt my electronics work computer 6 months ago and accidentally picked it up. I was trying to debug the issue and ruled out the driver because “it was removed from Windows Update” but, in the end, I took another look and saw that the removal was not true.

  31. I have a PLC set up for an industrial process. The driver update bricked the non-genuine chip in the PLC. Not only did it cost me my time to set up a replacement serial connection but it also destroyed several thousand dollars in process materials. Not that FTDI’s product is not decent but it is not their place to decide to use trusted channels to deface my process equipment.

    Has anyone started a class action suit against them yet?

    1. That is exactly the type of scenario I’m talking about when I say FTDI’s actions are very irresponsible as messing up process control at a factory or refinery is potentially very expensive.
      If they shut down an oil refinery it can easily be a millions of dollars of lost revenue.

      1. Manufacturer then can claim that they bought genuine parts from proper distributor and shipped them to Wong Hung Low Assembly factory somewhere in China, and Wong Hung Low Assembly replaced genuine parts with fakes, sold genuine ones on eBay and thus screwed everyone around.

        FTDI is responsible for not cautioning people tat they might have counterfeit parts in their devices, and should be prepared because FTDI will rape them in the face with next driver update.
        Imagine someone writing a virus that attacks SCADA systems by randomly changing input and output information. This causes few refineries, .chemical factories, water treatment plants and, for example centrifuges used by Iranian nuclear program to halt and catch fire, or explode. People die, millions of dollars are lost, and Iranians won’t have more bombs for some time. Who would you blame:
        1. SCADA designers for not making it more secure.
        2. People who sold and installed those systems for not making them virus-proof.
        3. Microsoft for making operating system with holes big enough to hide Everest.
        4. Virus creator for causing catastrophes by breaking hardware with software, even if he only wanted to stop Iran from having more bombs.

        FTDI wrote a virus hidden in drivers. Their cause might be considered noble, because they wanted to stop people from using counterfeit chips. However they didn’t punish greedy Wong Hung Low Assembly, they didn’t punish FakeTDI Manufacturing Inc, they punished everyone. They wrote malicious code to cause loss of data, break hardware or endanger people, and even cause damages to industrial equipment. Everyone, who bought FakeTDI chip knowingly or not, should now form a line, get down on their knees and prepare to be raped. Bring some mints, I heard it helps…

        1. “However they didn’t punish greedy Wong Hung Low Assembly” Well, that would be YOUR job since Hung Low gave YOU a sub standard build of your product. Don’t use them again. If you don’t use them and others don’t use them then they will go out of business.

          the only reason Hung Low survives is because their customers are fine with cheap, low quality products and don’t care if they are breaking the law to achieve it, as long as you can plead ignorance.

          If a build quote comes in at half the cost of other manufacturers and you can’t be bothered to check out WHY, then you deserve what you get.

          1. So why FTDI won’t sue Wong Hung Low for distribution of fakes of their chips, and won’t sue FakeTDI Manufacturing? Because it is hard, complicated and might take years. So instead they decided to screw the little guy for having bad luck. And they weren’t polite about it. Instead of saying for example “Sir, you are using fake part. Driver will now stop.” they send two big guys to bend your knees for you and prepare you for their special treat.
            If your Windows discovers that license key is blacklisted, it won’t turn your computer into pile of worthless manure. It will switch to trial version and ask you to buy new license. If FTDI made Windows, they would do their best to destroy your PC because you cheated them…

          2. @SteveC
            And you can be sure that we won’t use “Wong Hung Low Assembly” again, but how do we know what any other assembly plant is doing? Do we keep throwing good money after bad and say “well I learnt that these people are using fake FTDI chips” and lose time and effort? Or do we stop using FTDI chips which would actually solve this problem in this case?
            You assume that price has anything to do with quality. That is an invalid assertion. “Wong Hung Low Assembly” may have been selling you boards at the same price.

  32. As a hobbyist end-user I have no way to know what devices I have will fail after the driver update. Just because I paid a lot for the device and tried to buy it from a reputable source does not mean that I will not fall victim to this mess.
    The only way I can be sure that an FTDI driver update through trusted channels will not make my device unusable is to not use anything with an FTDI chip. This seems to me like brand suicide.
    You can tell me to return products etc and in some cases, that is possible and I will, but that is not an option with many products. As a “crafty consumer”, something saying FTDI chip now sets off red flags and I have to think “well, it might be genuine or it might not. I’d better avoid it”. Some comments say “these products failing give FTDI a bad name” which is true. FTDI stopping these products functioning all at once is giving FTDI a VERY bad name.

    One person won’t make any difference but when consumer devices start dying en masse and a quick Google search gives you “the FTDI driver broke it”, other consumers are going to have the same problem as I have now. Find out if its FTDI and avoid it if it is.

    Give me an alternative, as a hobbyist, how to tell if any product I am thinking about purchasing with an FTDI branded chip in it is going to work. I don’t have the buying power required to demand full traceability of all of the parts in it before purchase and buying it for a more expensive price (or from a particular store) doesn’t guarantee anything.

    1. “I don’t have the buying power required to demand…” With trusted suppliers of course you do!!! If they sell you even one device which is fake they will ‘make it right’. All the big suppliers typically have their qiality assurance certifications available to view online.

      If they are not prepared to show these documents to you, then they are not reputable.

      1. @SteveDC
        Sure, I’ll ask sparkfun for proof that their entire supply chain hasn’t swapped a component on them for my order of a single board. I’m a hobbyist, Not someone who orders 10000 of anything at a time. Even if they could produce documentation, I doubt I’d be able to tell if anything dodgy had happened until I had the part in hand.
        I can return a faulty/fake product, and with international shipping etc that is worth a net loss of time and money to me. That sure shows them! End result, I’m potentially punished for purchasing anything with an FTDI chip on it. Heaven forbid that I sell even a single device that I built using parts from a reputable seller that turned out to be swapping for fakes somewhere in their supply chain. My reputation may be damaged by going anywhere near an FTDI chip, it’s not worth the risk to me. I CAN’T control the complex supply chain that exists before I buy something from a good company. I CAN control whether or not I buy a part with an FTDI labelled chip.

        1. Go ahead.. try it. You will be surprised I guess. Reputable suppliers care about their reputation. If you receive fake devices from them they care about it. Go on, post to the Sparkfun forums and ask them. I dare you :-)

          “I can return a faulty/fake product, and with international shipping etc that is worth a net loss of time and money to me”

          Ahh, NOW we are getting to the crux of things. You can’t be bothered to help fix things.

          ” I’m potentially punished for purchasing anything with an FTDI chip on it” Well, sort of. You are being punished for purchasing a FAKE chip, yes, but you can help stop it happening in the future by letting your supplier know. Trust me, reputable suppliers WANT to know about fakes. fleaBay, not so much. Fly by night China supplier, not so much. Sparkfun, Digikey, absolutely.

          “I CAN control whether or not I buy a part with an FTDI labelled chip.” And what are you going to do when the next fake chip causes you some inconvenience? STILL keep buying cheap, probably fake stuff? That sounds like a plan.

          1. As I said in my original comment, as far as I know, all of mine are legit FTDI chips purchased from sparkfun and adafruit etc. They care about their reputation for sure.

            If I have a dodgy device, does that help me? No. I’m out at least the cost of the device (to buy a replacement) or more if I have to ship parts around the world, (plus reputation if I used that device to build something bigger). So assuming I take the more cost effective option, do i

            a) purchase a device which contains the chip from a large company punishing end-users for their manufacturing / supply problems, or
            b) a competitor who (so far) hasn’t done that?

            As you may have noticed, I’m interested in genuine products rather than knock-offs and do my best to buy those. Does that guarantee that my products aren’t going to be killed by this? No. Who is likely out of pocket for that? Me. Can I do something to reduce the risk of facing FTDI vengeance next time? Not buy anything with an FTDI branded chip.

          2. @Maz,
            So you think this issue is isolated to FTDI !!??? At least their ‘solution’ tries to warn you. A fake FET could overheat, burst into flames and burn your house down. Is that a better option?

            It is good that you try to do your best, unfortunately there are bad people out there and we all get caught occasionally, I agree.

            Does that mean I should get pissed with the REAL supplier?? I don’t think so. I take it on the chin, do what I can to fix it and carry on.

            Everyone here on HaD seems to want to blame FTDI for having a great chip that everyone want to fake, and I don’t get it.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.