When it comes to electronic hobbyists and EEs, there is no company that deserves a few raised eyebrows than FTDI. They made their name with USB converter chips, namely USB to serial chips that are still very popular today. So popular, in fact, that clones of these chips are frequently found in the $2 Arduinos from China, and other very low-cost devices. A little more than a year ago, a few clever people noticed FTDI drivers were bricking these counterfeit chips by setting the USB PID to 0000. The Internet reacted to this move and FTDI quickly backed down from that position. The Windows driver was fixed, for about a year until the same shenanigans were found again.
Adafruit recently sat down with [Fred Dart], CEO of FTDI, giving us all the first facts and figures that aren’t from people frustrated with Windows’ automatically updated drivers. The most interesting information from [Fred Dart] is how FTDI first found these counterfeit chips, what FTDI chips are being counterfeited, and how many different companies are copying these chips.
The company first realized they were being cloned when they couldn’t reproduce results of a Chinese-made ‘FTDI’ USB to RS232 cable that behaved strangely. A sample of the cables were shipped to FTDI and after inspecting the chip inside, FTDI found it was a clone with a significantly different architecture than a genuine chip.
So far, the counterfeiters appear to only be counterfeiting the SSOP version of the FT232RL and occasionally the older FT232BL chip. From what FTDI has seen, there appears to be only one or two companies counterfeiting chips.
As the CEO of FTDI, [Fred] has a few insights into what can be done to stop counterfeiters in China. The most important is to trademark the logo. This isn’t just the logo for a webpage, but one that can be laser etched onto the plastic package of the chip. US Customs has been very amenable to identifying counterfeit components, and this has led to several shipments being destroyed. Legal action, however, is a bit hard in China, and FTDI is dealing with a gang that counterfeits more than FTDI chips; there’s a high likelihood this gang was responsible for the fake Prolific PL23o3 chips a few years ago.
As far as FTDI bricking counterfeit chips is concerned, [Fred Dart] wasn’t silent on the issue, he merely wasn’t asked the question and didn’t bring it up himself.
So hang on, the biggest part of the story was … not asked? Or simply nothing was printed about it?
Perhaps that there was an understanding before the interview that this question would not be asked…
More hard-hitting journalism from LadyAda.
hiya folks, i founded hackaday, work with ladyada now – i helped coordinate getting some questions to fred the CEO of FTDI that i wanted to ask, here are the questions since a lot of folks are commenting without reading the interview :)
——————
To jump right to what everyone wants to know, what happened before and currently with the FTDI drivers from Windows update regarding counterfeit chips?
Why do this instead of a notice on the web page or driver?
——————
my suggestion is that if you want other questions answered or the same questions asked in another way … email them and ask.
===================
others questions asked, and answered from the interview:
What is the history of FTDI? You’re the founder and CEO for 25 years, that is impressive! It would be interesting to go into some details around how FTDI started, what your motivation was for starting it, how it grew and what kind of challenges you had to overcome over its ~25 year history, etc.
Can you describe the product lines at FTDI and goals for the company. What would you say your mission and cause is?
How many people do you have? How many locations, how many products sold, etc?
Do you see a lot of counterfeiting of your products?
Do you have an estimate of how many companies are using the FTDI trademark for counterfeits?
Do you have an estimate of how much business you’ve lost due to counterfeiting?
Is FTDI feeling more business/financial pressure due to counterfeiters or from competing companies?
Do counterfeit chips ever make it into the ‘big disti’ network, e.g. arrow, digikey, mouser, element 14, RS etc. or is it purely gray market?
How much support do you have to do for counterfeit products, do companies and customers call you with support problems due to counterfeits?
What can chip companies do to stop counterfeiting? What are the issues with that?
Have you considered legal action against the counterfeiters?
The new FT231 series has the same essential functionality as the FT232, but is nearly half the cost – (the older chips costs more, how does that work?).
Anything you’d like to tell the maker community out there?
Thank-you
On the second question in the above comment, I saw that you asked it (read the whole interview) but was not impressed with Fred’s non-answer :)
Ok then, what should have been asked is something like this:
“End-users have no control or awareness over whether a counterfeit is used as part of a larger product. Won’t dealing with counterfeits by disabling or disrupting them, ultimately affect end-users more than manufacturers or counterfeiters?”
And that should have been asked IMMEDIATELY after receiving Fred’s non-answer.
Phillip Torrone also provided a non-answer. LadyAda is not a scripted overseas tech support employee, nor an idiot. She does not need to be given specific questions to ask. Especially when it’s the ONE question she should have asked, in the most direct way, and without fail; that question being the primary concern of the hacker community for which she supposedly acted as representative of. Otherwise, what was the point of her interviewing the CEO of FTDI? (Or Makerbot, an equally pointless interview.)
She didn’t ask because she chose not to, simple as that. She’s covering for FTDI, and Phillip covering for her. I guess she estimates that fear of counterfeits will bring her more than enough additional sales, to cover any losses due to her being considered a capitalist above that of a hacker.
LadyAda is not Julien Assange, It’s not her job to be an investigative reporter and squeeze the truth out of THE MAN by whatever means necessary. She’s a businesswoman and a damn fine engineer that’s made electronics a hell of a lot more accessible to the point where a child can do things today that professional engineers struggled with less than 10 years ago.
I don’t agree with FTDI messing with drivers as they did, but I’m not going to rage over internet drama to throw LadyAda and Phill under the bus because they didn’t pursue this issue like rabid dogs. I don’t always agree with the adafruit people either, I had a lively discussion with Phill on reddit a while back, not seeing eye to eye on 3D printing stuff. but at the end of the day. without Phill this site wouldn’t exist, and without ladyada, half of the hardware hacks listed here wouldn’t exist either. They’ve earned their stripes and deserve a little leeway round here.
There was a bit more information in the Gordon Lunn (FTDI) interview with the EETimes. Have a search for it to read it. Two choice quotes: “Ultimately, we are challenging the counterfeiters” and “The reliability of these unknown devices is also unknown, so you can’t guarantee how long they will last [..] but people still come back and think it’s the FTDI parts failing, so we have to try to weed them out if we can.”
Brian, I think you need to explain why you did not question Fred about the new drivers, especially in view of the way the drivers can cause systems containing counterfeit parts to fail in ways which may lead to public safety concerns. I expected that you would ask Fred about the new drivers. This is an important question. Following the VW emissions fiasco engineering ethics is a hot topic.
This was not my interview.
The most likely reason for Adafruit not asking this question – and speculation on what the answer would be – were cut from this post.
Got it, apologies Brian.
I know that HaD and other sites were really quick to raise that alarm, but… really… any system critical designs that CHOOSE to buy their chips from eBay / Alibaba / gray market sellers… I’m not sure that’s fair to blame FTDI over.
They did directly say that all legitimate sources of the chips they have not seen any problems. If you are going to build a system critical device, the fault then lies in the manufacturer of that device if they choose to cut corners. That’s no different than any other industry. If there’s a particular blend of concrete that is patented and sold for use in certain situations, and you ask your manufacturer to use that, and they go and find some guy in a truck that claims to have the same concrete, are you going to blame the original manufacturer when the building collapses because they didn’t make their recipe open so that illegal companies *could* properly make fakes?
You *could* make the argument that “yeah but what if it does enter a legal supply chain” but since that hasn’t happened, it’s not fair to make.
Telek, there were cases where people got dodgy parts even from Digikey and Farnell. It is not about a few hobbyists buying cheap junk on eBay or Alibaba/Aliexpress.
I can only speak for FTDI but in our case, the answer is definitely not. We’ve not had one single instance of a fake chip being sold by our listed sales distributor chains, most of whom we supply directly to avoid supply chain corruption.
I’m afraid I’ll have to call bullshit on that : https://news.ycombinator.com/item?id=11011638
“I’ve purchased what I thought was an industrial spec microcontroller board from a legitimate and respected supplier, through Farnell, and it had a counterfeit FTDI chip on it.”
And the requests to your company go unanswered: how do I tell if the supply I bought is legitimate? And no, “install it and have you nuke customers’ boards”, is a non-answer.
And how do I guarantee that a reel I bought isn’t nuked 3 years from now, because of faulty/bad/”probable counterfeit” driver idiocy? Can you even guarantee that your chips won’t be hit by it?
The big question: Why should I use FTDI?
@jwcrawley
So Farnell sold a product line that contained a fake part, they did not sell fake FTDI chips directly.
The big question: Why should I use FTDI?
Simple because if you do via a reputable supplier, you get a very good product that meets it’s specs and has very good customer support. To the extent that they will take out counterfeit products at the risk of their own reputation.
“The big question: Why should I use FTDI?”
And the answer is you shouldn’t unless you think using your customers as a meat shield in your fight against your adversaries is A-ok and something every company should do. Especially considering said company is so convinced of the rightness of its ways it’s only willing to defend them one-on-one in a dark back alley where they hope they can corporate-steamroll the “right” answer over you. Tell you what, anyone embracing them after this gets exactly what they deserve. Have fun you two…!
*NOBODY CHOSE* to buy fake FTDI parts and that is the most important aspect of this!!!! Do you think Adafriut, DiGiKey etc were trying to source fake chips.
The fakes were good in that even FTDI had to de-cap one to see that it was fake!!!! How many EEs of manufacturers have the facilities to de-cap chips???
Some entered in Chinese manufacture where *originals* were specified on the BOM of course!!! do you expect to see “Counterfeit FTDI” on a BOM???
Listing that your part is “FTDI” and isn’t is counterfeit.
But listing that your part is “FTDI compatible” is perfectly acceptable by the letter of the US law.
Note, that the only way to tell is by reading the characters silkscreened on the chip package.
So, I ask, why isn’t FTDI being charged under the CFAA for destroying hardware?
(1) In reference to your “I’m afraid I’ll have to call bullshit on that” comment above, no it’s not bullshit. You’re referring to a complete, assembled system (a microcontroller board, apparently). The claim about no counterfeits from approved distributors surely applies only to the purchase of actual FTDI *chips*, not to assembled systems. Obviously FTDI can’t control where the (so-called) FTDI parts in a manufactured board came from.
(2) Even if “FTDI compatible” is legal, it’s definitely not legal to use FTDI’s USB vendor ID, which is what the counterfeit FTDI parts were/are doing.
@BCD
Those are parts, either assembled or on a reel, that were in the major distributors’ warehouse that were indeed counterfeit.
If I can’t trust the major distributors for legit products, whom can I trust? FTDI? Hardly, at least not with their 3-6 month turnaround for chip orders. For a specialty chip, that’s acceptable, but this is a bloody USB serial interface. Use a MCP2200 instead.
And also, how do I guarantee that I won’t be bit by “potential future counterfeits” 2-3 years down the line? FTDI has shown themselves to take with reckless abandon your hardware. They all are damaged goods, and using them is a single point of failure. They can’t even guarantee that their driver nuking is deterministic…
Just no.
And also, as long as you don’t use the USB certified logo, you can use whatever vid/pid you want. It may break the license agreement with the USB group, but it isn’t breaking the law.
In the interview it is plainly stated that the counterfeit hardware was not damaged. The driver simply refused to talk to it.
Apparently, you can detect some of the fakes because the bit-banging mode actually works properly on them, unlike the real FTDI-made ones. (Wouldn’t even be the first time something like this has happened. Fake NRF24L01+ modules are incompatible with the real ones because the fakes obey the official datasheet.)
Did you forget that time fake Intel CPU showed up and Newegg were selling them because someone switched the supply of real chip for fake chip in the supply chain before it reached Newegg? Even reputable vendor can get caught with fake goods. And there are too many way dodgy stuff can slip in
But if the maker of that patented blend of concrete then went out and did something that caused buildings built with the fake concrete to collapse, then YES, I’m going to blame them!
I find it ridiculous that so many smart people actually expect fake “FTDI” chips to work with original drivers perpetually. Do you guys seriously expect FTDI to do a regression testing with fake chips to make sure that they don’t break whenever their USB driver is updated? It’s impossible for FTDI to guarantee that fake chips are going to work with future updates of the driver. Complain to the person who sold you the fake chips amigos. What are you guys smoking?
Yes, well no … it’s the plot – you’ve lost it!
It was the other way round: FTDI did much testing with the fake chip, to guarantee, that the driver DOES NOT work with them and BRICKS them. So please stop smoking the shit you do – its bad for you.
FTDI have no obligation to make sure their driver works with anything but their chips, but they are deliberately breaking compatibility.
There’s a difference between accidentally running into someone with a broken taillight because you didn’t see them, and deliberately driving into them to prove a point
I am a big fan of automotive analogies in general but but this analogy is particularly good and to the point. Bravo
Are these really ‘counterfeit chips’ in that they are sold as genuine FTDI chips? or are they merely work-alike clones that use the same API to talk to them (which includes identifying themselves as FTDI chips on the USB bus)?
If they are sold and marked as FTDI chips, then there is a problem that FTDI can and should take action against.
But if it’s a case of various manufactures choosing to clone their API, and have different internals on the chips, different markings, etc (i.e. no intent to deceive the EE who is building the circuit) then they don’t have a leg to stand on.
They did say in the interview that the chip looks legitimate, but the date/time code did NOT match their records.
So by marketing them as “FTDI” compatible, they’d be bending their rules in their favor.
Or at-least technically, things get murky in the land of legalese.
Not really. If they were legal chips that differentiated themselves and had their own USB PID, they wouldn’t work with the driver, thus making them not FTDI compatible. The only way to make them compatible with the driver is to falsify the USB credentials.
You only need your own USB PID if you want to use the USB logo.
There were two entry steams (that I know of) for these chips. I don’t have a case (other than speculation) to say the mainstream suppliers supplied counterfeit *chips* by themselves, however many mainstream suppliers did end up with counterfeit chips in circuit boards manufacture elsewhere (read China).
Before they were discovered they were every where in consumer goods.
The first stream was in CoB designs and it could be argued that these are not counterfeit because they make no claim to be FTDI chips except that they use the FTDI USB VID/PID which may be perfectly legal. These were coming from one of the countries called China.
The second stream was SOIC packaged chips with the full Registered Logo (Trade mark) for FTDI and clearly this is a counterfeit chip. These were arriving on circuit boards made in one of the countries called China.
What is lost in most of the arguments here is that no-one was selling or buying fake chips in any market place.
The original chip (by FTDI) is an ASIC and the fake is a micro-controller that emulates the behavior of the original and sends out the VID/PID to windows that loads in the FTDI driver. I hope that answers your question about API because I don’t clearly understand the question, windows itself is just an API but I expect you mean the protocol used between driver and hardware.
I’ve got a question for Fred. Please explain how the PID of my legit Kickstarted Digispark got set to 0000?? Oddly 2 of my units all flaked out around the same time of this recent round of driver updates. They all worked previousky. pPoor approach to fixing the problem.
Just because the digispark is legitimate doesn’t mean the FTDI chip on it is. And Digispark may not have even known they had counterfeit chips on their boards.
In other words,
“We’re not going to punish the people who bought the (alleged) counterfeit goods, only the end user.”
FTDI can’t even guarantee that their idiocy won’t also attack a legitimate FTDI chip.
The latter they probably will be able to guarantee. They will do some testing. It is not so easy to reliably brick the compatible devices. :-)
I would have liked to see an answer to “Why did you choose to send data out on the UART pins, where most end users will never see it, rather than have the driver throw an error (exclamation point icon in Device Manager) on detecting a counterfeit device?”
Been wondering the same thing myself.
Comments over at HN suggest that drivers are not supposed to (and can’t easily) put up a message window in Windows and this was – supposedly – the best alternative they could come up with.
I believe a comment at HN noted that drivers in Windows aren’t supposed to pop up messageboxes / some other window. Companion software could interact with the driver, but – unlike the drivers – no such companion software is included with Windows. This was the best alternative they could come up with.
Some people are suggesting a popup window; I am not. Many drivers DO report errors with devices, and they’ll appear in the Device Manager with an exclamation icon /!\ when there is a problem. Sometimes the System Tray will also notify you if a hardware driver has failed to enumerate a USB device. These are perfectly valid and established ways to notify the user that something is wrong with the hardware.
I’m not sure those are the driver specifically or windows’ messages. If all it can influence is whether or not Windows displays *a* message, rather than a more specific “The driver failed to work because [a component] is counterfeit”, I don’t think that would do in the eyes of FTDI.
The only way to not get bit by FTDI driver issues is not to use the chips.
There’s others that are good: MCP2200, CH340G, and others. Use them in your designs. And their drivers won’t harm users’ hardware.
Not yet. Not until some other fab house sees how much money could be made and makes their own copies, and the real owner of the intellectual property decides to create a “new and improved” driver to brick the fakes.
You can always use a microcontroller with USB hardware and set it up as USB-CDC. For personal use you can use any VID/PID values. And if you are going to mass-produce a device, then you can pay for VID…
You’d need a certain volume to afford that / make it worthwhile.
Most projects including usb to serial never reach that volume.
Blame USB’s governing body for not having a generic and well documented VID/PID for usb-to serial devices, where fulfilling a set of easily accomplishable spec requirements grants you access to it with minimal red tape.
You can get an individual PID from MCS electronics for $15. Regardless of what the USB governing body would like you to believe (or tell you), it’s perfectly legal.
http://www.mcselec.com/index.php?page=shop.product_details&flypage=shop.flypage&product_id=92&option=com_phpshop&Itemid=1
The Cypress Semi part I use (and many, many others) don’t have a proprietary driver like FTDI, and so there’s no way they could try such shenanigans. Instead, they are a modem “class” device and the OS uses a generic driver to talk to them.
As these are much cheaper there is less drive to copy them.
I agree: Too much drama, too easy to avoid. FTDI is harming end-users to get back at some foreign national manufacturing concern– *that has already banked the money*, you understand — made on this cloning/counterfeiting/call-it-what-you-will. For designers and consumers alike, it makes sense to spend your resources with any one of the other companies that is not currently looking to position consumers as front-line Sacrificial Pawns in their trade war. As Miyagi said in the Karate Kid: “Best defense, Not be there!”
There’s absolutely no guarantee at all that FTDI’s driver – now that they’ve decided to play this game – won’t malfunction at some future point and misidentify legitimate parts as fake. As a result, FTDI’s drivers are, frankly, no longer trustworthy (at least on Windows), as are any devices – legitimate or not – that they support.
I understand your emotional response, but really, that’s quite a bit of hyperbole there. Yes, FTDI probably didn’t do the best thing, but viewing it from their point of view I can imagine the frustration at losing business, and more importantly reputation, due to shoddy copies.
Yes. Much better for them to lose business and trash their reputation by their own hand.
Bricking isn’t ok. Period. If they didn’t want to work with clones then they should have just stopped communication when a clone was identified.
Read the interview. Nothing was bricked.
It wasn’t an interview – it was a stage performance to give everyone the *impression* that FTDI didn’t do anything wrong.
As YES – they certainly did brick many clones.
Shoddy copies? The truth is that they are not copies and not shoddy.
The most funny thing here is that fake FTDI works _better_ than original. :) Fakes have flawlessly working bitbang mode, and originals have a bug without fix or workaround.
Seems that FTDI just fall into revenge mode, when they discovered that somebody make their work not only cheaper, but also better.
Well, there are two things the cloners did that is unacceptable.
1. They copied FTDI’s logo, violating their trademark. Clearly they were attempting to sell a fraudulent product.
2. They used FTDI’s USB vendor ID. Whether that’s actionable or not is a whole can of worms that I actually found myself in last year, as it happens.
But NEITHER of those actions is required to sell a pin-compatible part. Cypress Semi sells one that is a drop-in replacement for the FT232RL and uses a “class” driver, meaning that they don’t have to write their own.
So while I am anti-FTDI, that doesn’t mean that I don’t also think that the cloners are scumbags too.
Logo is the only definitely incorrect thing in all this case. But this can be ruled out easily by FTDI, if they want. It’s not a problem to find that company, who made fake chips. They are not teleported from another planet, and not wormholed from another dimention.
All that crap about VID means nothing if the company who made fake chips is not a member of USB organization. For example, if I begin to sell some USB devices with somebody’s VID there are no laws to somehow stop me from that. And VID is a part of compatibility. If you make compatible device, you have to use that VID. Making compatible devices is not a crime. So, using someone’s VID/PID too.
Instead of forcing lawsuit, finding counterfeiter, and forcing him to switch to making FDTI chips (like thousands of china counterfeiters forced to make “abibas”, ‘”lPhone” etc.) FTDI did something definitely inadequate, like they didn’t use brains to make proper move. Taking into account that counterfeit chips are better than FTDIs, the logical explanation of FTDI prank is revenge.
Important note about “CDC class” – FTDI chips are not plain USB-serial converter, they have an ability to do bit-banging, and exactly that mode, despite the hardware bug (fixed, however, in clones), made them popular. “CDC class” does not support bit-banging, so “legal” drop-in replacements can’t really replace FTDI chips. And another question – if there only USB-serial converter needed, why the hell device engineer will select FTDI chip? There are a lot of cheaper and better plain USB-serial converters around. So, the main purpose of FTDI is bit-banging, not serial converter. Since there are no standard USB class for this, FTDI solution become standard de-facto. There are no way that de-facto standard will be private property of inventor for a long time. Few years, and there will be clones. That always was, and that always will be so.
Also, there is one interesting question – The clones marking was outstanding, that even FTDI have to decap chips to ensure they are clones. Company, who have an ability to create their own circuit in silicone and make indistinguishable marking on chip, easily could just copy FTDI, but didn’t do that. FTDI does not want to prosecute counterfeiter in lawsuit. May be FTDI just fire some lead engineer who have good contacts with fab? Well known story, just like Motorola and MOS with 6800 and 6502 chips. And now FTDI goes for revenge to that man or group.
That’s not how the clone bricking worked. Instead of authenticating the chip and bricking it if it fails, the driver does an operation that *does not work* on a genuine FTDI chip, but bricks a clone (which are very different internally). It’s not possible to brick a genuine chip with this method.
Of course, it’s still a monumentally stupid thing to do, and I’ll never recommend or use FTDI again because of it (especially since their current driver switched to throwing garbage out the port on a clone chip periodically instead – still hurting end users for no good reason.)
Adafruit kind of *did* ask about it in a non-direct sort of way. After Fred Dart talked about how he was screwing over uninformed end users by switching the PID because he was butthurt, he was then given a followup question about why he did not just issue a warning stating that it was an unauthorized chip. Fred Dart then responded that it did not affect his customers and it only affected end users who bought cheap Arduino’s because they essentially, “should have known better than to buy a cheap device to learn how to program on because it was extremely obvious to every human being what an FTDI chip is and that its unit price is ridiculously expensive.”.
True they didn’t get in the guys face, but the answers he did give, show what kind of filthy scum he and FTDI are. Most newbies (myself included) just assume that all of those tiny little chips are super cheap in large quantities, and to be honest, I tinkered with a genuine Arduino for two years before I even really knew anything about the FTDI chip.
Honestly, I like this gem in the Linux Kernel code : https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/usb/serial/ftdi_sio_ids.h#n33
/*
* Certain versions of the official Windows FTDI driver reprogrammed
* counterfeit FTDI devices to PID 0. Support these devices anyway.
*/
#define FTDI_BRICK_PID 0x0000
That is actually pretty hilarious.
Yay! Somebody actually did something effective. No surprise that it was in Linux.
In Linux my $5 Chinese Arduinos work just fine. They refuse to work in Windows 10 that a coworker uses – even with CH340 chip. Fcked The Damned Incompetent (FTDI) company allied with M$ does it again.
I’m glad to see that Arduino and other dev boards don’t use FTDI chip anymore (fake or real). So people are getting familiar with other USBserial chips and when you get familiar with something you will probably use that in your more serious future projects. So FTDI is losing it’s market share because of that bricking approach. You know the saying, once you crack a mirror …
Um… I *don’t* know that saying. Neither does Google. There is a Lady GaGa lyric that’s similar that says something like “you can fix a broken mirror, but you’ll always see the crack that was left behind.”
“Trust is like a mirror, you can fix it if it’s broken, but you can still see the crack in that motherfucker’s reflection.”
7 years of poor sales figures?
So my China toys can’t be near Microsofts operating systems…
It is fine with me :)
I was going to get into this shit. Down with FTDI……………………………….
They just keep shooting them self’s in the foot. and how many feet do we have?
But forget.
Im in a bad mood any way My DSL is down in ontario. Just bad bad bad all the way around.
After 1 1/2 trying to figer out why my internet is down. Changing wires ripping things apart, changing devices, and cables, rewiring half the F@#%$ house. Just to find out it not my hard ware……..
At least I have my phone with data. That is the only thing keeping my family from ripping each others throat out.
God almighty The people today just cant live with out the internet.
Sorry just had to vent. Thanks….
I read entirely the interview and personnaly I’m satisfied with Fred Dart answers. FDTI have the right to protect their reputation and buisiness. It is right to forbid their drivers working with conterfeits chips that use their vendor and product ID and pretend to be FTDI products.
FTDI does have the right to protect their reputation and business, and to protect their trademarks. They also have the right to code their drivers to not talk to chips that they do not identify as their own, despite the fact that there is probably nothing illegal about using their PID/VID. But they have NO right to permanently damage a product containing what their driver identifies as a counterfeit chip.
Also, the fact that they apparently dump messages out the serial output of the chip saying that it is counterfeit makes me question their motives. Why do something like this, which most users would never see, rather than just pop up a message saying your device contains a counterfeit chip, or setting a device error in device manager?
And I have the right to use any product except FTDI in designs after what they did. Case closed!
I agree with Jaques, and 1956 was a very good year. I still think that the bricking driver was excessive and misdirected, but I think that the later driver that spits out a message on the serial port is fair. To all of the people saying, “but what if this is in a critical device and causes it to fail at a critical moment” I say, your critical device can’t fail at a critical moment unless you’re doing Windows updates at a critical moment, which seems like it would be kinda’ stoopid. Lots of people here have said that the proper thing to do would have been to have the driver simply refuse to work with the fake devices. I ask, wouldn’t this still cause the critical failure problem? This is effectively what they did. In fact, what they did was a little nicer, because in some cases (where the user can see what’s being sent over the serial port), they get to know why the device is suddenly acting up.
In my view, the only thing the counterfeiters did that’s wrong was to use FTDI’s logo on their parts. They were perfectly within their rights producing chips that were mostly compatible with the FTDI chips, and FTDI was fully within their rights refusing to support chips that aren’t fully compatible with their driver.
Yes FTDI have the right to detect conterfeits in their driver and not support them, 100% correct.
But that wasn’t what they did was it? Destroying hardware and injecting potentially harmful shit into the communication isn’t right legally or morally.
So fuck FTDI – I will never use any of their chips in any design in the future. My _genuine_ FTDI chips have been thrown away already.
Just for god sakes if a board from ebay seems too good to be true it probably is and don’t get it
Buy from reputable manufacturers that can be healed accountable for fraudulent IC, if you can’t fork out the extra few bucks than accept the fact that this can happen to you
OK, So i should just buy from reputable retailers that were also caught out then???
I already had my involvement in fake chips-a TI precision mil-spec ADC. Met specs fine at room temp-but crapped out at -10C (spec was for -40C)
Got lot info from a suspect chip-contacted TI. After a long pause-a simple. non-cryptic message: “That isn’t one of ours. It’s a counterfeit chip”.
The kicker was this was a huge multinational corporation and the boards were manufactured by one of our Chinese manufacturing groups IN HOUSE. No honor among thieves, huh?
So wait you said you were going to answer our question regarding bricking the chips and then… you don’t ask him the question? I’ve been a long time lurker on HaD and the quality of your articles is turning to garbage day on day and that is sad.
A lot of people here suggest to not use FTDI but the MCP2221 or the CH340.
Has any of you ever completely evaluted those? The MCP2221 has this weird 30µs pause between every 2 chars it sends, meaning if you run it on 1 MBit/sec, your effective throughput will be 250 KBit/sec. Then there is the receiver, can it keep up with a continous stream of data at the highest supported baud rate? While sending at full speed at the same time? How tolerant is the receiver, meaning how much can sender and receiver clock differ before it stops recognizing the data? How well does handshake work?
Who makes the CH340? Reputable Manufacturer you can depend on being around in a few years?
The one thing I see going for the MCP2221 is that it’s available in DIP, so you can use it on a breadboard.
The same questions apply to the fake FT232 too. How well does it really work? I don’t expect many problems at low speeds (115200 and lower), it’s always the edge cases where things fall apart.
Not sure why people have such heartburn. FTDI has a responsibility to their employees and their brand. If they put up with fake FTDI chips leaching their resources and costs, then where does it end? Their choice of not supporting counterfeit chips is an excellent choice and if you bought a system that contains a counterfeit FTDI chip is not FTDIs fault, but the folks who build said system. It is a shame on that company to build something that has counterfeit chips and they need to be diligent and honor returns or repairs.
Folks need to be understanding and stop whining for something that has probably not even happened to you.
Except, get it through your head already. It is not “not supporting”, it is malicous destruction/altering data stream (which could be intepreted as ‘hacking’ or what ever the actual legal term is) of alternative chips. Nobody copied the chips, the only issue here is trademark and that is only if the chip says FTDI (or has the logo) and maybe FT232. The USB IDs are not part of any protection. The chips are legal to use the same communication protocol.
And since FTDI is not actually supporting anything, not even the fact that people could get real chips from their FTDI distributors, then FTDI is atleast as much at fault here as any counterfeitors. FTDI is using reqources to fuck up peoples already bought system instead of making sure people have access to real chips.
replace ‘reqources’ with ‘resources’ and ‘bought system’ with ‘bought systems/machines/boards’
I think this signals that we should move away from FTDI and create an open source alternative. The whole idea of open source is that anyone can take this product and roll their own. This leads to rapid improvement and efficiencies in development. Reduced cost is an improvement. Perhaps there should be an open source driver written to replace FTDI’s driver. I can’t believe that one company can actively damage another companies property. If this is a copyright violation it should be fought out in the courts not on the circuit board.
Bingo!!!!
This conversation has never gotten to the source of the problem and that is the shitty windows USB-Serial bridge driver and the cost of a VID from the USB organization (not owned by Microsoft.
Here is *HOW* all of this unfolded.
Since forever the shitty windows generic driver has been so bad that if you compare it to any non-generic USB driver then the list of what the windows driver *can’t* do would be longer than what it could do.
This means that if you want to make USB-Serial bridge hardware the you have to pay the exorbitant USB organization fees so that your VID/PID can be recognized by windows and you can sign the driver for windows for an extra fee.
This mean that only the *big players* had entry into making something as small as a USB-Serial driver because to need to sales volume.
Lack of competition meant that markup or margins were much higher and the big players could invest more into development.
Very early on FTDI invested and absolute fortune in making an ASIC USB-Serial bridge. There isn’t much that is *more* expensive than bringing and ASIC to the maket and this is what is burning FTDI’s ass now.
That was a long time ago and micro-controller technology improved as it does and it is now easy and cheap to use a micro-controller to emulate the behavior of a much more expensive ASIC.
So FTDI was left with an expensive product that was expensive to manufacture and owed them a return on their investment and they held their margins high as the clawed back their investment while newer technology could do the same thing (in most cases) at a fraction of the cost.
The rest was inevitable. We know China clones/rips-off/counterfeits things.
Hackers gunna hack and counterfeiters gunna counterfeit.
The FTDI chips was simply the lowest hanging fruit by a long shot – much lower than any other fruit as it had an unrealistically inflated price and there was a huge profit margin available to counterfeiters who could emulate the chip with modern and cheaper micro-controllers.
I find it unbelievable to think that FTDI didn’t see this coming especially after the Prolific event. Now they’re playing the victim as if that is an excuse for their behavior. Blind Freddy could see this coming.
Now I’m going into most of *what* FTDI did as a response – everyone has their own opinion about as do I.
However their is one mistake that FTDI made that is seriously going to burn their ass irrespective of what EE’s that choose what chip go into their boards think about all of this because there is one event that is even more significant.
While we think of FTDI as one of the *big guys*, they are indeed a very small player compared to the biggest guys. And FTDI is about to learn that you don’t f..k with the biggest guys or you will get some serious ass burning.
The one *biggest* mistake was that FTDI used the Windows Operating Systems auto update feature as an attack vector for the counterfeit hardware.
While everyone has been arguing about weather it was right or wrong to brick hardware – Microsoft is busy updating the generic USB-Serial bridge driver and that will allow many many small players including those from China to compete head to head with FTDI and FTDIs flagship USB-Serial hardware simply cannot compete at a manufacture cost level with far cheaper micro-controllers. So effectively Microsoft is gearing up to pull the rug right out from under FTDI’s feet.
The USB organizations monopoly is already falling apart so the time is right for Microsoft’s move.
Expect to see a flood of cheap USB-Serial products hitting the market once Microsoft *fixes* the generic USB-Serial bridge.
Now this has been a short post and much is missing – there will still be a niche for a much lower volume of FTDI and there are many other factors not mentioned.
Ha!..fake prolific chips…that explains it. I thought the company made garbage products when I went to the website and the drivers never worked right on windows7. Gotta do more research before buying the cheapest bargain basement ones online..
I have a genuine profilic chip (based on profilic software telling me so) and their drivers cause blue screens on W7. It’s the driver that causes the blue screens, the chip, even if it was fake, can’t do that. The drivers do suck.
when prolific started their driver war against fakes everyone switched to FTDI because FTDI just worked…
And all of this is just Windows computers right?
The driver ‘problem’ yes. But if you use Linux and the chip you use is a fake that doesn’t work right in some cases, you will have problems on that platform too.
But what about this?
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/usb/serial/ftdi_sio_ids.h#n33
Doesn’t this mean that someone has fixed linux?
No, it just means you can use a fake FT232 with a VID set to zero under Linux. It doesn’t say anything about how well that fake will work. It might work well for you or it might not, depending on what you are doing with it.
Initially, it affected all computers, since once a product containing the semi-compatible chip got its PID changed to zero by FTDI’s driver, then it wouldn’t work on ANY computer. What the Linux developers did was to make an exception by accepting PID=0 as a valid value. But it undoubtedly took some time for this hack to be implemented, and longer for it to be widely distributed.
A lot of people commenting here did not read the interview.
FTDI estimates losses in the hundreds of thousands of dollars range. “A few” could mean half a million, just for grins.
That’s money to pay for a lot of families, and it’s paying Chinese families, not the people working hard to make their living with FTDI.
I have no problem with the driver identifying fakes and sending the string to help people confirm. Fred says they had options and there was a vote cast among various parties, and the string was what won the vote.
There is no meaningful difference between the string and just not working, unless it is YOUR product, right? Just not working can be written off as some other problem. With the string there, they will ask why fake stuff was used.
And that might suck more than just repair refund or replace will.
Test your incoming chips. It’s not hard. FTDI does not want to encourage these criminals, and I personally don’t blame them one bit.
As for all of us who got fakes? Best get right on asking that supplier what happened. FTDI isn’t at fault here.
For those talking about risk and avoiding FTDI, do it, or don’t do it. It won’t make a meaningful difference to FTDI and their main business and supply chains. That same half million is a drop in the bucket in terms of overall business.
Risk is everywhere. There is now a bit more risk associated with FTDI, and the cause of that risk is the criminals, not FTDI.
Great Interview. I recommend everyone read it.
It’s odd how half a million is money to pay for a lot of families when it comes to it being lost to FTDI due to counterfeiters, but when it comes to people switching to other brands (be it due to FTDI’s handling of the driver or not) it suddenly becomes something that’s just a drop in the bucket.
For FTDI it should have to be about the bottom line. How many more genuine (FT232RL / FT232BL) parts are they selling due to people putting in the extra effort (time, money) in making sure they’re getting the genuine parts, and how many *less* are they selling because people do not want to put in that extra effort or have a perceived ideological reason to switch brands?
When reading the interview, pay extra attention to the part where they speak about the price and technological difference between the older parts and the newer parts; the older parts work with 5V, something that most of the professional industry is well on its way of moving away from, but most hobbyists are not. Are most hobbyists really more likely to put in that extra effort, or are most hobbyist the typical commenters (any pick of forum)?
Combine that with the thinly veiled “it’s good to offer customers the choice” (at a much higher price).
If they were just targeting companies using counterfeit chips in products such as cables, then this strategy (in the long run) should work just fine. They would either get genuine FTDI, or switch to other chips as well.
If they were also targeting the hobbyist who was getting cheap FTDI chips off of e-bay, then they could have done a lot better by lowering the price on the older part – either instead of or in addition to the driver approach.
Both are true.
Honestly, discouraging the criminals and maintaining the quality and consistency associated with FTDI is worth more than this business is. There are much larger opportunity costs in play.
So this means, make your choices. If you want to move away from FTDI for not supporting criminals and their chips, do it. That’s good for you and FTDI. On the other hand, if you continue with FTDI, it’s even better for FTDI.
There is no bad for FTDI in this scenario, and that’s what a lot of people just do not understand. Most of the rock bottom price business was never going to be FTDI business, so their losses are marginal in terms of overall FTDI business. Some of the business would have been FTDI business, and that’s money for the families who did the work too.
Most serious players won’t blink an eye at this. If they are regulated, they have the entire BOM certified, tested, etc… and it’s a non issue. To them, they see this criminal activity as just a cost for their trusted partner FTDI. And it’s unfortunate for FTDI, but a non issue for them. Others, may not have those requirements, and may need to underwrite or add a test to make sure they are getting what they paid for, but FTDI will assist them with that, and again, the added cost and risk is due to criminal activity, not FTDI.
There is no scenario where it’s reasonable to expect FTDI to support the criminal devices. There is no gain for them in any way at all.
The primary threat is a rise in share of these fake chips, and with that, more losses for FTDI as well as negative impacts due to inconsistency in their product, support, etc…
I have noticed a lot of people, who are attempting to frame this as the fault of FTDI also mention price. Here’s the deal on that. They have a good product, they have priced it, and they have a great business on that product. For those people who think it’s too much, they are completely free to use alternatives and or design their own.
So go and do that. If enough people do that, FTDI may want to reconsider price. But, that’s not really the discussion at present.
A lot of people want to make it one though, and I don’t think much of that, nor does FTDI. Don’t blame ’em.
Now, they do have a lower cost option. Seems like that was in development long before this mess came to a head, and it makes sense for them too. They see the lower end, cost sensitive market and are responding appropriately.
What the criminals did was slap together a bodge, and attempted to make other people think they were actually FTDI, not just some compatible thing or other. And doing that is just not OK.
These problems are the fault of the criminal and or very shady people who sold others a bill of goods. Fake stuff that has no warranty, nor do they even have any standing to give one, and that’s a high risk item sold as a low risk, high quality item.
Now people are finding out just what that means, and they are pissed. Don’t blame ’em.
But that’s just not on FTDI at all. They did the work, they wrote the software, they built the brand, they insure their supply chain, they back their products, the whole nine. They want nothing to do with the fakes, and they have no obligation to support those fakes or the users of those fakes.
People got what they paid for.
The real anger should be directed at the people who decided they would sell fakes and by doing that, they increased cost and risk for a lot of people.
It’s unfortunate that it must come to this. But, it’s not FTDI driving any of it. There are people out there who are perfectly willing to rip FTDI off, pollute their brand, sell people fake gear, and do whatever they want to make money without a care in the world for anyone, including you and including FTDI.
By doing this, FTDI has given everyone a way to understand what is happening. And they need that conversation to happen so that it’s very clear who is doing what, why and how that can impact everyone, including FTDI.
Anyone with fake stuff has choices. They can replace, repair, or hack around it. We all know FTDI software is for FTDI chips. It’s not for criminal fakes. Why should it be? Can’t think of a single reason for FTDI to encourage this at all.
The most common one is, “but lower price…” and to me, that’s extortion, and I personally would have none of it.
Frankly, if we do assert that FTDI has to “protect people” and continue supporting criminal, fake devices, “because market”, then that is extortion on the part of the fakers, who would then be in a position to force FTDI to allow their infringement on business, IP, etc….
Would you take that? I wouldn’t. Not for a minute.
So some of our cheap toys broke. Big deal. It’s not the end of the world. And we know why and what we don’t know is who.
Everyone who has a problem with fake stuff really needs to be contacting whoever they got it from. Once this happens, and it will happen, then word gets out, and the fakes aren’t going to move so easily, and we all have a better time of it.
That’s precisely why FTDI did what they did this time. It’s a clear message, and anyone who gets it has options, but what they don’t have is support from FTDI, and they don’t have it because they are quite simply not a customer of FTDI.
They could be, or not. Doesn’t matter, as stated earlier.
Re: Lowering the price
There it is again. Price.
Truth is, you, nor I, nor any hobby person has any idea what impact a lower price on the older chip will have on FTDI. If it’s like most mature products in a niche, lowering that price will cost FTDI way more than the modest gains from the maker / hobby community. I think that’s a safe bet, otherwise FTDI would have done exactly that.
Any CEO would see this, run the math and make the choice.
So there are options for people.
Number one might be to adopt something cheap. So go and do that. FTDI isn’t going to open their brand and reputation to criminals in return for that business. Have at it! There are other options out there.
Or don’t do that. Continue with FTDI, and perhaps modularize. One solution I have is modular. I get one connector type product (actually, I have a couple) and then I don’t pay for FTDI in most things I use them with. No worries. Or price the product up a bit and make sure it’s worth doing.
People have options.
And it’s worth noting the race to the bottom on products does have it’s costs and risks. This whole mess is one of them. Extreme price pressure is tough. Tough enough for people to go and consider fake stuff, or seek deals so aggressively that they end up with them. Understandable.
This is part of why I personally almost never go rock bottom on anything. Sell me good value and I’ll pay good dollars. win win People can think all that over too and maybe consider paying for a bit more value, which funds a bit better products.
Honestly, FTDI really doesn’t have options. If they allow this to continue and grow, it’s bad for them and users of FTDI products. While that may seem like a good choice for you and me stuck with this fake thing, it’s not good for FTDI, who did NOTHING to bring us that fake thing.
They need to respond, and a clear message is a great way to do that.
So I don’t blame ’em one bit, and I like the products and software. Will recommend and continue to be a user of FTDI stuff.
The criminals? Hope they move on and let everyone get back to doing the fun stuff.
So, Adafruit gave this guy a platform to play the “poor me” game while not even trying to get him to address the people he victimized. Adafruit might have gained Fred Dart as a friend, but they just lost me as a customer for a while.
He didn’t victimize you. The guy who victimized you was the one who made the fakes and passed them off as the genuine article so you bought them or a product using them thinking you paid for the real thing. Until you got told by FTDI’s driver you just didn’t know you were a victim.
So it boils down to: Do you want to stay ignorant or do you want to know you were duped?
Pretty sure it was FTDI that sent out the bad drivers, the counterfeits worked until FTDI killed them. Many of us are out good money and had no way of ensuring the electronics we bought were FTDI made. I have dozens of unused FTDI chips I bought a while back and I bought them from what I thought was a safe source but without a lab I have no way of knowing. Now I know to avoid all seemingly FTDI parts outright. I get protecting g yourself, that’s why you go after the company who sold the fake shit not the victim who bought it. That’s like arresting me for receiving a fake $20 bill from machine.
You actually went to a machine that sure looked like a legit ATM machine from BankBank (FTDI), but wasn’t (company cutting corners). You get and use your $20’s (products) all the time, and they work just fine. Then one day you try to use that $20 to pick something up at a BankBank location. They take your $20 but determine the security strip to be counterfeit, so they stamp a big “COUNTERFEIT” on the bill (set PID to 0000) and refuse to take it from you. You then try to spend it elsewhere (some other Windows machine), but they do not accept it anymore either – they don’t even recognize it as a $20 bill (PID 0000 not linked to any driver). Except at the local hacker club, because they figure the counterfeit is ‘good enough’ and accept it all the same (Linux with driver update). You weren’t arrested at any point, and it turns out that with a bit of poking about you can erase that “COUNTERFEIT” off the bill (set PID back to whatever the normal one is), and if you go to a BankBank location in an old part of town (older driver version) they’ll be happy to accept your $20 without labeling it “COUNTERFEIT” once more.
If that sounds ridiculous, it’s because most analogies tend to be :)
You still don’t get it. If you got fake FTDI chips, you were duped looong before FTDI updated their drivers which now refuse to work with them. You were a victim, you just didn’t know it yet. All FTDI did was tell you.
I still don’t get why people think that FTDI should have to continue supporting chips they didn’t make and didn’t get paid for.
Also, if you have the bare ICs and you read the interview, you got a hint about how to check them. Does it say something about ‘Made in China’ on the underside? If yes, then they are fake, according to FTDI. The other way to check is to try using them with the current driver. It will tell you in the system log and on the output if it determines them to be fake.
If someone or some ATM slips you a fake $20 bill, it will get confiscated once it’s determined to be fake. And you won’t get a replacement, you will be out $20. Also, if you have more than a single fake bill on you, you will get investigated.
Um, it’s you that doesn’t get it.
This has been unfolding for ages. The interview was just an opportunity for FTDI to put forward it’s plea for acceptance now that they have released that have f..ked up. And obviously it was agreed before the interview that none of the *hard questions* that everyone want answered would be asked.
This is not about some poor fellow ending up with a fake chip that got bricked. This is about manufacturers that have purchased what they believed to be genuine FTDI chips that they use in end products like (for example) Point of Sale (POS) equipment which is everywhere. And now the manufacturers clients have lost faith in the manufacturers because their product stopped working. The customer has no idea that fake chips is the cause so they bale their supplier who buys FTDI chips.
FTDI has been so bold to take chances with their direct customers reputations by acting the way they did. In business this is *NOT* an acceptable thing to do so now FTDI is in damage control. In my opinion it’s too late. Destroyed trust can never return.
So I guess there is no TLDR version of this. It has been going on for ages and this interview can’t change ay of the *FACTS* about FTDI’s past actions.
They have no obligation at all for any reason to support chips they didn’t make.
well plain example of why closed source software is bad for your health…
What a bunch of whiners here. If you buy a counterfeit product, either Nikes, bearings or chips the usual approach is that it is destroyed by either customs or hunter teams from the manufacturer.
This is a manufacturer protecting its real clients (=not you) from counterfeits by destroying any that it comes across. The alternate approach is that they send a customs officer to your house with a BF hammer to destroy your board when they detect it.
If you bought a counterfeit product, complain to the seller and get your money back.
Are you guys going to demonise Prada as well when customs seizes your $10 prada purse you bought through a Chinese webshop?
An interesting approach. Tell us, how *would* you feel if a company entered your house and physically destroyed any counterfeit goods?
As I mentioned elsewhere, analogies really just don’t tend to work well. In your analogy of counterfeit goods being blocked at the border, for example, you can either track it to know it’s been upheld in customs (and work from there), or you’re just none the wiser and you’ll tell the merchant that you never received the item (and work from there). I don’t think too many people here would be upset about a product with a counterfeit FTDI chip in it being upheld/confiscated at customs either.
If you had a counterfeit prada purse, walked into a high street clothing store, and a prada representative on the floor decided to take matters into their own hands, then the analogy would be a bit more similar. I can’t remember hearing of something like that happening – you would think it would be a common occurrence in cities like New York.
It would only be *a bit* more similar, however. I can’t conceive a situation in which the prada purse would only be a small but necessary part of a larger ensemble which the purchaser would nevertheless not necessarily be aware of, bought for a price that isn’t particularly too good to be true, let alone in which it would be worn just fine one moment, then not so fine the next. Maybe you can give that a shot, though.
Analogies really seem unnecessary anyway, especially given this particular forum.
Well, I guess like everyone I would dislike someone to come to my house to seize illegal products, but that’s the kind of thing that police do every day. I wouldn’t be angry though, those are the rules of the game.
What irks me is the kind of entitlement some of the readers here claim, to use counterfeit products and leach on the infrastructure FTDI spent money to create. The moment someone put a false FTDI logo on a chip the game was over.
If you build $1000 widgets while making use of a fake chip, the authorities will clear out your warehouse, bulldoze it into a pile and set fire to it. You can then lay your claim at your distributor, he will go to his supplier and this chain ends up with the counterfeiter being forced to repay the damage. This is the way you fight counterfeiting.
If you decide to source your chips through non-official or obscure cheap channels you will have to understand that you put yourself at the risk that the bonfire in front of your wareouse will go on your own balance sheet.
Disappointed they both avoided the (big) question.
Lady Ada doesn’t want another hit to her business , so she “interviews” FTDI but “somehow” doesn’t ask why FTDI is bricking pieces consumers bought and were unaware they were clones. That way businesswise Adafruit covers the basis of “consumer defender” (for making the interview), and business per se (in good grace with the legit chip fabricator).
I like my interviews with daring and brave questions and truthful and insightful answers.
So i won’t consider this an interview.