
FTDI driver kills fake FTDI FT232s - stoey
http://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/
======
Someone1234
Microsoft should revoke the driver's signature via their next CRL update, so
that it refuses to install (effectively making the drivers unsigned). It is
acting maliciously and will break consumers' hardware, even hardware which
doesn't contain any FTDI chips.

If FTDI have an issue with a company ripping off their IP then go sue that
company. But what they're doing is catching consumers in the firing line, who
will wind up with multiple dead USB devices. There's no reasonable way a
consumer can know they are buying something with a fake chip and this could
kill devices years old, which will be outside of warranty.

I am totally serious that Microsoft should step in. FTDI's driver is so
defective that it is literally killing hardware, if they won't step in for
this then what will they step in for?

~~~
geographomics
Can we be sure that FTDI has programmed their driver with malicious intent? It
may be that this is an accidental side-effect of using counterfeit hardware with
a genuine driver.

Without access to the source code or a well-reversed disassembly of the FTDI
driver, and a good grasp of the logic used in the counterfeit chip, one cannot
be certain about this. And surely not to the extent of urging Microsoft to
revoke driver signatures.

~~~
nsxwolf
They basically admit it on their license page:

[http://www.ftdichip.com/Drivers/FTDriverLicenceTerms.htm](http://www.ftdichip.com/Drivers/FTDriverLicenceTerms.htm)

"Use of the Software as a driver for, or installation of the Software onto, a
component that is not a Genuine FTDI Component, including without limitation
counterfeit components, MAY IRRETRIEVABLY DAMAGE THAT COMPONENT."

~~~
greglindahl
It appears from @FTDIChip's Twitter stream that in fact they do think
that this ambiguous license clause makes it OK to deliberately destroy
hardware.
[https://twitter.com/FTDIChip/status/524918979840585729](https://twitter.com/FTDIChip/status/524918979840585729)

------
amckenna
If anyone is curious what a real vs fake FTDI chip looks like under the hood
(de-capped chip) this is a great analysis and some beautiful pictures.

[http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supere...](http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supereal)

Excerpt:

 _"What's the economic reason of making software fake of well-known chip
instead of making new one under your own name? This way they don't need to buy
USB VID, sign drivers in Microsoft, no expenses on advertisement. This fake
chip will be used right away in numerous mass-manufactured products. New chip
will require designing new products (or revisions) - so sales ramp up will
happen only 2-3 years later. Die manufacturing cost is roughly the same for
both dies (~10-15 cents)."_

~~~
danesparza
+1 for the fake chip name. "Supereal" takes the cake

~~~
cesarb
"Supereal" might not be the name of the fake itself, it might be just the name
of the mask-programmable microcontroller they used.

"It seems that in this case Chinese designers implemented protocol-compatible
"fake" chip, using mask-programmable microcontroller. This way they only
needed to redo 1 mask - this is much cheaper than full mask set, and explains
a lot of redundant pads on the die."

------
0x0
I hope this causes a major and publicly visible malfunction in some important
device/installation/machinery, of course with no harm done to any persons, but
enough of an embarrassment to really set an example, so no vendor will think of
pulling tricks like these in the future.

Takeaway lesson: End users should never touch anything remotely FTDI-like,
since it's probably impossible to verify if the device is genuine or not.
Wonder if FTDI thought this through.

~~~
npsimons
_I hope this causes a major and publicly visible malfunction in some important
device/installation/machinery, of course with no harm done to any persons_

I actually hope that this _does_ cause an event drastic enough so that FTDI
will have blood on its hands that ends in jail time for management and
engineers. I don't want to see anyone hurt, especially not innocent third
parties, but _fuck_ FTDI, _fuck_ the management who ordered this, and _fuck_
the engineer(s) who didn't quit in protest. I'm not easily offended, but as a
programmer who has been responsible for code that would result in loss of life
if I made it defective by design, I have no sympathy for this sort of thing.
One other thing that I could hope for is that this teaches everyone the true
cost of closed source, especially drivers. Don't put up with it.

~~~
simias
Come on, take a deep breath. We're talking about bricking a serial to USB
chip, not something worth shedding blood really.

As far as unethical behavior by corporation is concerned I really don't think
it's even noteworthy.

~~~
npsimons
_We're talking about bricking a serial to USB chip, not something worth
shedding blood really._

We're talking infrastructure: if this was a civil engineer designing a road to
spontaneously create potholes that would flatten tires on certain brands of
vehicles, they'd be put in the slammer post haste. FTDI has no idea where
their chips and drivers will end up, and as designers of such low-level
infrastructure type devices, it is criminally negligent to intentionally brick
hardware. If I designed a file I/O library to randomly corrupt data when used
on Windows, I'd be criminally negligent.

 _As far as unethical behavior by corporation is concerned I really don't think
it's even noteworthy._

Destroying other people's hardware to try to ensure your profits? No, not
unethical or noteworthy at all.

~~~
namdnay
> if this was a civil engineer designing a road to spontaneously create
> potholes that would flatten tires on certain brands of vehicles, they'd be
> put in the slammer post haste

And if a civil engineer designs a bump in the road that will destroy your
suspension if you are driving above the speed limit they have set, we'd just
call it a speed bump

------
JackC
It's interesting to consider from a legal perspective exactly why this _isn't_
something a company is allowed to do. (Assuming the company did in fact
intentionally damage people's chips, reversibly or not -- sounds like we don't
know for sure yet?)

- Intentionally sabotaging someone's stuff, legally, is more or less the same
as intentionally taking it. Keying a car and driving it away might have
different names but are on the same scale.

- There ain't no self help. If you think someone else's stuff should actually
be your stuff, your path is through a court.

- We don't fix things with injunctive relief that can be fixed with money.
When Apple proves that Samsung violated a patent or vice versa, we don't
collect and burn all the infringing phones, we just make someone cut a check.
Because we are not idiots.

- The "someone" who cuts the check is Samsung or Apple, not their customers.
As far as I know no one's managed to go after end users, even in extreme cases
like a $10 designer handbag where the buyer obviously knows it's not real.
(And it's at best unclear whether going after the buyers would make any sense,
even in those extreme cases -- if someone pays knockoff prices for a knockoff
product, it's the seller and not the buyer who has ill-gotten gains. There
might be some additional reputation damage and lost profits that the buyer is
complicit in, but it makes a lot more sense to me -- and apparently everyone
else -- to make the seller pay for those as well.)

- When you _do_ go after the seller of trademarked goods and want to seize
those goods, we actually have a procedure for that -- Section 34 of the Lanham
Act.[1] Which includes a whole bunch of protections like swearing out an
affidavit, getting permission from a judge, informing the attorney general,
posting a bond to cover damages, conducting the seizure through government
agents, and keeping the seized items in the custody of the court. It's very
much unlike showing up at someone's house and breaking their stuff.

(I am a lawyer; I am not a trademark lawyer; I just googled some stuff based
on vague memories from law school to write this.)

[1]
[http://www.bitlaw.com/source/15usc/1116.html](http://www.bitlaw.com/source/15usc/1116.html)

~~~
JackFr
One could argue that using the official driver with counterfeit chips is
outside the intended purpose of the official driver, at which point the user is
proceeding at his or her own risk.

~~~
JackC
I think the counterargument (elsewhere in this thread) is pretty persuasive --
that this defense won't help much if you intentionally set out to damage
counterfeit chips.

Think about it this way. Suppose the driver works like this:

```
if(counterfeit()){
    // do something harmful to the identified device
}
```

If you have a counterfeit chip, and you run the driver, and the driver breaks
your chip, then you are in fact using the "official driver" for its "intended
purpose." Its intended purpose is to break your chip, and it works just fine.
It just lied to you about its intended purpose in order to persuade you to
install it.

Of course if the code does something that is safe and useful to do on the
legit chip, and just happens to break the counterfeit chip, that's very
different. I don't claim to know which thing is happening in this case.

~~~
jamesbrownuhh
In this case the driver is executing two writes which a legitimate chip would
ignore, but which the counterfeit responds to and actions. Those writes just
happen to be the position in the counterfeit's EPROM where the USB PID is
stored, and just before where the checksum is stored.

~~~
TheLoneWolfling
"just happen"

In what universe can them doing a preimage attack on the checksum "just
happen"?

~~~
jamesbrownuhh
I think you'll find I'm not in any way suggesting that it was a coincidence.
It's a classic Electronic Counter Measure, exploiting the behavioural
differences between the 'real' and 'fake' hardware - EXACTLY the same kind of
thing you'd see being executed against pirate pay-TV smartcards, for example.

------
bri3d
FTDI have been anti-consumer for years - their last several drivers have
introduced intentional instability and Code 10 errors for suspected
counterfeit devices.

I think this is totally crappy. I see what they're trying to do (create market
incentive for consumers to insist on real FTDI chips) but the reality is that
it's just screwing over innocent consumers who buy a device.

~~~
sliverstorm
_screwing over innocent consumers who buy a device_

The consumer isn't exactly innocent.

Hold on, hear me out.

It's similar to black market goods. A consumer wants the lowest possible
price. It turns out the goods he bought are stolen property. He didn't _know_,
but he is not waived of responsibility. If he was truly unwitting he will
not be _prosecuted_, but the goods will still be repossessed, etc.

Basically, it is the consumer's drive for the lowest price that creates the
market for these illicit goods, so they are not blameless. Additionally,
illicit supply chains are hard to attack and often times the consumer "really
should have known better", so one of the ways to attack that supply chain is
by slapping the hand of the consumer who patronized it, whether or not they
actually _meant_ to buy stolen goods.

It's hard to deal with the "Well it was cheap and he was shady but I just
didn't ask too many questions" purchases; responsibility is very diffuse, with
everyone doing their best to avoid responsibility.

~~~
13
No, that's not the case here. Fake FTDI chips are going to be used in
absolutely everything, products from Alibaba to name brand professional stuff.
It's pretty much guaranteed not everybody has complete control of their
semiconductor supply chain, and even if they do there's an incentive for all
companies to cut costs where they can. A consumer buying a product doesn't
make an informed decision about the type of serial interface in their devices,
much less whether it's genuine or not. There's an expectation that the product
will work and that falls on the manufacturer, who might not even be
responsible either.

~~~
sliverstorm
It shares the critical element of _diffuse responsibility_. Everyone can
half-reasonably shrug their shoulders and say, "Well it isn't MY fault".

If a Sony product happens to have a fake FTDI chip in it, this is FTDI's way
of incentivizing Sony (via angry customers) to manage their supply chain,
because as you say there's an incentive even for Sony to cut costs where they
can- perhaps by turning a blind eye when they get some suspicious batches of
chips for a great price, and claiming ignorance later...

Everyone, in demanding the lowest price no matter what (all the way up the
supply chain) bears part of the blame.

We are of course witnessing a visceral response on the part of HN voters
reacting to my comment, who are exemplifying why this is a hard problem to
tackle. _It isn't MY responsibility!_

~~~
wtallis
> Everyone, in demanding the lowest price no matter what (all the way up the
> supply chain) bears part of the blame.

Your use of the word "blame" implies that you think there's some wrongdoing on
the part of someone other than FTDI. As far as I can see, there's absolutely
nothing wrong with the production and use of these clone chips except that
they are being labeled with FTDI's trademark. They're piggybacking on FTDI's
software work, but that's nothing that the government has an interest in
stopping. If FTDI doesn't like people using their software without buying
their hardware, they can resort to more traditional means like not giving out
their software so freely or including DRM.

~~~
michaelt

      Your use of the word "blame" implies that you think 
      there's some wrongdoing on the part of someone other than 
      FTDI.
    

I don't see it as particularly controversial to say that, when someone selling
an item claims it's a certain brand, I expect that to be the truth.

For example, if I buy an apple iphone I expect to get an apple iphone and if
the supplier instead sends me a fake I regard that as wrongdoing on the part
of the supplier.

Likewise, if a designer has specified an FTDI part and someone in the supply
chain has substituted a fake, I'd regard that as wrongdoing.

~~~
wtallis
Right. That would be the trademark infringement I mentioned. But aside from
that, the fakes _get the job done_. Aside from who ends up getting the
revenue, it's basically no different than if FTDI started producing a new
revision of the product that had a different internal layout. Accidental
second-sourcing doesn't really hurt anyone other than the first source.
Everyone downstream of whoever bought the counterfeits is innocent, and even
the company that procured the counterfeits has probably only made forgivable
mistakes given that the counterfeits are near-perfect substitutes. The
supplier of the counterfeits is guilty of trademark infringement, but is
otherwise fulfilling all their obligations to provide the required component.

~~~
michaelt

      Accidental second-sourcing doesn't 
      really hurt anyone other than the 
      first source.
    

It hurts the entire electronics industry if I can't trust that a part
is what it's labelled as, or if I can't trust a supplier not to deliver fake
parts.

If your suppliers can substitute a fake FTDI part, why not label 10% precision
resistors as 1% precision, or label 1,000-operating-hour capacitors as
30,000-operating-hour, or label parts that failed temperature range binning as
having passed temperature range binning?

And the people who really lose out from this aren't the Apples and Samsungs of
this world, who do enough business that the promise of future work can keep
the suppliers honest - it's the small manufacturers and kickstarter projects
that aren't big enough to have the leverage to keep their suppliers in line.

~~~
wtallis
None of that corner-cutting is being alleged here. Nobody but FTDI has been
complaining about the counterfeits. This has every indication of being more
like a big pharmaceutical company complaining about generic drugs. If these
clones are actually deficient in some way, then they're a much bigger problem,
but that doesn't seem to be the case here.

------
duncan_bayne
I tried reporting this to Microsoft; their handling of calls to report
security vulnerabilities was just horrendous.

=====

Hi,

I've been advised to email this address by 'XXXX' at Microsoft Support.

FTDI is shipping a malware driver for Windows; if it detects what it thinks is
a counterfeit device plugged in by USB, it bricks it. Details here:

[http://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-...](http://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/)

I've also attempted to report this by phone as suggested by XXXX. I've never
experienced such difficulty trying to report a security issue; I'd have
expected that you'd have processes in place, but apparently not.

My first attempt was met by a CSR who informed me that he knew of no protocol
for reporting security issues, and that he couldn't help me because it wasn't
directly affecting my computer. He then hung up on me when I asked to speak to
a supervisor.

Second call got me a much more helpful chap, who after conferring with a
supervisor, transferred me to professional services. The person I spoke with
there said they also didn't have any security reporting protocol, or if they
did, he didn't know about it. When I said the issue could affect thousands of
devices, he transferred me through to 'corporate'.

I ended up going through an IVR system to an operator, who was no help
whatsoever. She was entirely the wrong person to speak to; she was also
completely ignorant of any security reporting process, and didn't know who to
transfer me to.

Could you please call me on +61 XXX XXX XXX to acknowledge receipt of this
report, and to discuss it? Thanks.

=====

~~~
duncan_bayne
An update to this: the security folks have told me it’s not a security issue,
but they’re forwarding it to the appropriate team.

Perhaps I’m biased, but I’d have thought that a Windows Update that ships
malware that bricks thousands of consumer devices without warning would
constitute a security issue.

But hey … at least they’re actioning it, and they responded so quickly. So,
FYI: if you have a security issue to report to Microsoft, do it by email.
Phone staff are utterly, completely useless for this.

~~~
azernik
Bureaucratically, it probably _isn't_ a security issue for Microsoft; they
have a separate department (probably legal, although maybe a separate hardware
vendor relations group) that is much better at dealing with a named, legal
organization like FTDI.

------
SunboX
Official response from @FTDIChip:
[https://twitter.com/mikelectricstuf/status/52491736815449292...](https://twitter.com/mikelectricstuf/status/524917368154492929)

~~~
drzaiusapelord
This is so incredibly tone-deaf and borderline childish, it's shocking how
badly FTDI as a company is run. It sounds like it's run by a handful of pissed
off neckbeards who don't know how bad publicity and a class action suit could
destroy their company.

------
swamp40
I think FTDI might be shooting themselves in the foot here.

Plugging in a USB is messy, and you will sometimes get an "Unrecognized
Device" error, which you simply fix by unplugging and replugging.

I could see a similar hiccup causing their driver to sometimes "brick" a
legitimate device.

Then this false positive ripples back to a manufacturer who bought 50,000 of
those chips on the last run, and thinks they might all be fake...

It turns everything into a huge mess.

Very poor management decision, and shame on the engineers for implementing it.

------
tdicola
Ouch, something tells me the Arduino, Raspberry Pi, etc. forums are going to
be full of people that are confused why they can't talk to their device
anymore. IMHO it's pretty bad to target the consumers who probably don't even
know or care that there's an FTDI chip in their device. Certainly am not
condoning piracy of the chips, but wonder if there's a better way of handling
the situation than breaking everyone.

~~~
alyandon
Wow. That is seriously uncool.

I'd never even heard of FTDI before but they can rest assured that if I ever
need a USB-to-UART chip that FTDI won't be the company I choose to buy. FTDI's
drivers refusing to work with the fake parts is understandable, purposely
reprogramming them to make them non-functional isn't.

~~~
wdewind
> purposely reprogramming them to make them non-functional isn't

Dumb question maybe, but why?

~~~
jerf
In addition to the other posted replies, it's bad software engineering. You
really can't be confident enough in your logic to ever start issuing
DESTROY_HARDWARE() commands of any kind, short of the small set of very
specialized programs that may be deliberately used for such things (FPGA
programmers, etc). Any error whatsoever and you may end up nuking your real
customer's hardware. Bad plan. Same reason why programs that think they are
pirated shouldn't run around being actively destructive... some real customer
_will_ find some way to tickle that code, if only through bad hardware, and
now you're in trouble.

To a first approximation, all code eventually runs. Relatedly, never put an
error message into your product you wouldn't want customers to see, because
they _will_.

~~~
wdewind
Thanks, that's a great answer, but I guess I'm curious about legal/ethical
considerations.

~~~
Vendan
I can't find it anywhere, but I remember reading about a software company that
wrote an office suite for early computers (like DOS or possibly even pre-DOS),
that would detect if it was a legal copy, and if it wasn't a legal copy, would
delete your data. I seem to recall that they got slammed by the legal system
pretty hard, which is one possible reason for why software companies don't do
it nowadays. I personally see this as an action on par with, or worse than,
the software company I mentioned's actions.

------
dogecoinbase
Hackaday has a good short summary of the situation:
[http://hackaday.com/2014/10/22/watch-that-windows-update-ftd...](http://hackaday.com/2014/10/22/watch-that-windows-update-ftdi-drivers-are-killing-fake-chips/)

~~~
adamfeldman
Elsewhere Hackaday links to a Russian microelectronics company's blog[1],
where they decapped real and fake FTDI chips and found that:

"It seems that in this case Chinese designers implemented protocol-compatible
"fake" chip, using mask-programmable microcontroller. This way they only
needed to redo 1 mask - this is much cheaper than full mask set, and explains
a lot of redundant pads on the die. Fake chip was working kinda fine until
FTDI released drivers update, which were able to detect fake chips via USB and
send only 0's in this case. It was impossible to foresee any possible further
driver checks without full schematic recovery and these hidden tricks saved
FTDI profits."

[1]: [http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supere...](http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supereal)

------
chrissnell
This reminds me of the Sony music CDs that came with a rootkit to prevent
theft of their IP:

[http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootki...](http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal)

There were lawsuits and Sony ended up having to distribute a removal tool.

------
noonespecial
Absolutely everything with an FTDI logo on it in the wild is now suspect.

They didn't preserve their brand with this action, they just destroyed it.

------
beagle3
Does this qualify as a CFAA violation? I think so and for monetary gain, no
less. I would like to hear why the DA that leaned so hard on Swartz
wouldn't do the same to FTDI's CEO.

~~~
jrockway
Technically the counterfeit devices should have never been allowed into the
country. So it should be interesting how this plays out.

~~~
beagle3
Are they actually counterfeit?

Legally, I'd be surprised. They are re-implementing the FTDI protocol, which
is completely legal. They are reusing FTDI's PID/VID, which might or might not
be a violation of the USB specs or USB recommendations -- I'm not sure about
that -- but I'd be really surprised if that matches the legal definition of
"counterfeit" for which customs has the right (and duty) to stop imports.

~~~
jrockway
I'm guessing they intended to go after devices sold as FT232s with the FTDI
logo on them. If there's collateral damage, that could be a problem.

Then again, the users _did_ agree to let that happen in the clickwrap
agreement, so it's still uncertain.

Either way, I'm readying the popcorn. This should be interesting.

------
duncan_bayne
FTDI's own website says their chips are used on _medical devices_:

[https://twitter.com/JohnnySoftware/status/525092883125506048](https://twitter.com/JohnnySoftware/status/525092883125506048)

Let's hope that all the manufacturers are 100% certain of their supply chains,
from top to bottom. And that there are no bugs in the driver that might cause
inadvertent bricking.

Way to go, FTDI.

------
dmitrygr
IF this is on purpose and can be proven so, it is most definitely illegal!

~~~
spiritplumber
All they have to say is "We write our drivers to support our chips, if it
messes with other chips that incorrectly identify as ours, that's just the way
it went, it'd cost us extra to support them and why should we help our
competitors". Practically impossible to prove otherwise.

~~~
DannyBee
"All they have to say is "We write our drivers to support our chips, if it
messes with other chips that incorrectly identify as ours, that's just the way
it went, it'd cost us extra to support them and why should we help our
competitors"."

Buzz, thanks for playing. :)

That won't get them out of discovery for various torts, and the discovery
(emails, code, etc) is likely to show they did this on purpose.

It's not practically impossible, it's trivially easy to disassemble and see if
it does this on purpose. Then you argue it to a jury, and it's going to look
really really bad for FTDI.

~~~
Tomte
I wish German civil law had something like your discovery process.

Over here the claimant probably would not be able to peek into the defendant's
stuff.

Especially if he can't specifically claim "on March 10th, Mr. Meier sent an
email to Mr. Schmidt discussing topic X".

A simple "hand over your mails about the matter at hand" would be ruled a
"fishing expedition", not admissible as a motion to discover.

------
imrehg
I'm designing an Arduino-compatible board[1] that is supposed to have an FTDI
chip for ease of design. This whole thing makes me reconsider it, what would
be the best way to replace it with some other solution? Do I have any real option
if I want to stay within the Open Parts Library[2]?

[1]:
[https://www.hwtrek.com/product_preview/VTZUZV9k](https://www.hwtrek.com/product_preview/VTZUZV9k)
[2]:
[http://www.seeedstudio.com/wiki/Open_parts_library](http://www.seeedstudio.com/wiki/Open_parts_library)

~~~
rasz_pl
Best way would be designing it with GENUINE parts instead of planning to
populate your own boards with ebay specials.

~~~
Vendan
People are allowed to choose the parts they want to use. I call it voting with
your wallet. Maybe FTDI will realize that people don't want to use their
products when they pull stunts like this.

~~~
rasz_pl
So basically "we will show FTDI by CONTINUING to not use their parts at all".
People affected didn't want to use FTDI parts in the first place, they wanted
fly by night $2 with free shipping special.

~~~
Vendan
No, it's more "I could use FTDI parts (and I bet someplace like seeed would use
the real thing), but if they are going to release drivers that have a kill
command baked in (and we've seen that it's on purpose), I'm not gonna use them"

~~~
rasz_pl
actually Seeed is one of the confirmed sources of fakes :) someone had one of these
[http://www.seeedstudio.com/depot/UartSBee-V5-p-1752.html?cPa...](http://www.seeedstudio.com/depot/UartSBee-V5-p-1752.html?cPath=19_21)

go pid 0

Seeed is a small Shenzhen company, I wouldn't expect them to have legit parts to
begin with anyway.

~~~
Vendan
so, yay, go with something other than FTDI, cause other companies don't seem
to have the same fascination with killing clone chips. Alas, other companies
actually try to make stuff cheaper and have more features.

------
cnvogel
Here's someone claiming to have found the responsible function in a driver.

PLEASE NOTE: ALL NAMES HAVE BEEN CHOSEN FREELY BY THE PERSON WHO MADE THE
SCREENSHOT! So there's no name "BrickCLoneDevices()", it's probably called
UpdateEEPromChksum or something like that in the original code, because it
looks like that's what it does.

[http://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-...](http://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg535270/#msg535270)

Assuming that this disassembly/decompiled code indeed is genuine, the
interesting thing is explained in the 2nd comment block: A genuine FTDI device
seems to be designed such that a write only to the offset that stores the PID
is ignored, hence for a genuine part this code will only update the word at
offset 62, and that would be matching the functionality to just update the
eeprom checksum.

For comparison, here's a random mailing-list post which includes a dump of
the 232 eeprom. The VID/PID is stored at word 1 and 2 of the eeprom, something
that could be a checksum is down at the word with offset 0x7f (word 0x3f = 63?
There's probably an off-by-one here).

[http://developer.intra2net.com/mailarchive/html/libftdi/2009...](http://developer.intra2net.com/mailarchive/html/libftdi/2009/msg00306.html)

~~~
makomk
Neither write has any effect on a genuine FTDI chip because both writes are to
even addresses. That's also why they write to word 62 even though the checksum
is in word 63 - they can't modify the checksum directly because that'd affect
genuine devices, so instead they modify word 62 so that the data has the same
checksum as before their changes. The entire thing has no purpose other than
bricking clones.

------
jjoonathan
Does anyone know of good FTDI alternatives? Are there any clone makers that
are relatively legit (i.e. they put their actual brand name on the chip, they
support drivers, etc)? At $4.50 a pop for bog-standard bit-banging in a day
and age where you can get ARM M4 SoCs for $2.75 a pop (n=1 prices) I would
think FTDI would have more above-the-table competition than they do.

Is the subterfuge required for illegitimate cloning really that much easier
than getting a website, writing docs, and supporting drivers?!

~~~
bradfa
As mentioned in the eevblog forum, Microchip make the MCP2200 which is about
$2 in single quantities. Seems similar in features to FT232 chips and
reasonable in price.

[http://www.microchip.com/wwwproducts/Devices.aspx?product=MC...](http://www.microchip.com/wwwproducts/Devices.aspx?product=MCP2200)

~~~
markrages
The Microchip part needs an external crystal or ceramic resonator for a time
reference. The FTDI part doesn't need any external parts beyond bypass caps.

~~~
XorNot
If you're already soldering, a crystal isn't so much work or expense these
days.

------
orik
Me and my buddy were going to work on a couple of projects last weekend and
got bit by this.

The workaround once your chip has been flashed by the new driver is modifying
the driver to communicate with devices that have a PID of 0.

------
Aissen
So how does this work? Hector Martin gives us a glimpse:

Commented reverse engineering assembly:
[https://twitter.com/marcan42/status/525126731431038977](https://twitter.com/marcan42/status/525126731431038977)

So they are rewriting the USB Product ID in EEPROM, only on "fake" chips,
hence the Windows USB driver doesn't recognize the device anymore. It should
be reprogrammable using the right tools.
([https://twitter.com/marcan42/status/525134266112303104](https://twitter.com/marcan42/status/525134266112303104))

What allows them to do things differently on different chips: "Figured out the
real/clone FTDI difference: EEPROM is written in 32bit units. Even writes are
ignored (buffered), odds write both halves."
[https://twitter.com/marcan42/status/525194603746426881](https://twitter.com/marcan42/status/525194603746426881)

And some wisdom:

"For those unfamiliar with embedded engineering: most USB (and other) devices
can be bricked if maliciously attacked." "Assume ALL devices are brickable by
evil code unless proven otherwise. This isn't news. Most devices make no
attempt to protect themselves."
([https://twitter.com/marcan42/status/525137221431463937](https://twitter.com/marcan42/status/525137221431463937)
[https://twitter.com/marcan42/status/525137463107272704](https://twitter.com/marcan42/status/525137463107272704))
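
The write behaviour quoted above, together with the word 62 / word 63 checksum detail given earlier in the thread, can be traced in a small model and turned into a check for EEPROM dumps. This is an added example, not code from the thread, the driver or any linked tool: the two EEPROM classes, the sample image and all function names are assumptions, the checksum routine follows the one in libftdi, and VID 0x0403 / PID 0x6001 are the usual FT232R defaults rather than values from the page.

```python
# Added illustration: both EEPROM models are assumptions built from the thread.
PID_WORD, FIX_WORD, CSUM_WORD = 2, 62, 63
def rotl(v): return ((v << 1) | (v >> 15)) & 0xFFFF
def rotr(v): return ((v >> 1) | (v << 15)) & 0xFFFF

def checksum(words, upto=CSUM_WORD):
    """Running checksum over words[0:upto], following libftdi's ftdi_eeprom_build()."""
    c = 0xAAAA
    for w in words[:upto]:
        c = rotl(c ^ w)
    return c

def balancing_word(words):
    """Word 62 value for which the checksum already stored in word 63 stays valid."""
    return rotr(words[CSUM_WORD]) ^ checksum(words, FIX_WORD)

class PairedEeprom:
    """32-bit units: an even write is only buffered, the next odd write commits both."""
    def __init__(self, words):
        self.words, self.pending = list(words), None
    def write(self, addr, value):
        if addr % 2:  # odd: commit the pair (a lone odd write is a modelling assumption)
            if self.pending and self.pending[0] == addr - 1:
                self.words[addr - 1] = self.pending[1]
            self.words[addr] = value
        self.pending = (addr, value) if addr % 2 == 0 else None

class WordEeprom:
    """Every 16-bit write is committed at once (the clone behaviour per the thread)."""
    def __init__(self, words):
        self.words = list(words)
    def write(self, addr, value):
        self.words[addr] = value

def trace_even_writes(dev):
    """Trace the thread's two even-address writes (word 2, then word 62) through a model."""
    intended = dev.words[:PID_WORD] + [0x0000] + dev.words[PID_WORD + 1:]
    dev.write(PID_WORD, 0x0000)
    dev.write(FIX_WORD, balancing_word(intended))
    return dev.words

def diagnose(words):
    """Zeroed PID with a still-valid checksum is the state the thread describes."""
    valid = checksum(words) == words[CSUM_WORD]
    return "pid-zeroed" if valid and words[PID_WORD] == 0 else ("ok" if valid else "bad-checksum")

def sample_image():
    """Constructed 64-word image: VID 0x0403, PID 0x6001, filler, valid checksum."""
    w = [0x4000, 0x0403, 0x6001] + [(i * 0x1234) & 0xFFFF for i in range(3, 63)]
    return w + [checksum(w)]
```

A dump that reports `pid-zeroed` differs from random corruption in that word 63 still validates, which is why restoring the PID means rewriting the image with a recomputed checksum rather than changing word 2 alone.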

------
Zizzle
I foresee an arms race here.

Next gen FTDI clones will work around this driver detection. Next FTDI driver
has new detection code.

Iterate until the counterfeit chips are indistinguishable from the real thing
via software.

~~~
mariuolo
> Iterate until the counterfeit chips are indistinguishable from the real
> thing via software.

Will they still cost less?

~~~
TheLoneWolfling
Probably

~~~
jessaustin
But... innovation!

Seriously, though, this just looks like extracting economic rents from the
fact that their vendor ids come pre-installed in certain OSes.

------
qnaal
The real world is a lot like cyberpunk except instead of exciting it's
frustrating.

------
igmac
Sounds like a company about to lose very badly in court, and who will shortly
have to write out an apology on their cheque book.

Intentionally sabotaging customer equipment will lead to all sorts of data
loss and consequential damages issues.

As @Someone1234 said below, FTDI needs to pursue legitimate channels to
protect their IP.

Ouch...

Time for the CEO to reach for that third envelope and write to his successor.

------
cschneid
Can somebody give me the background here? What is a FTDI FT232s?

It appears to be a fairly low level USB controller chip? Is this chip (or its
ilk) in every kind of usb device? What is the impact of this?

Most of this article dives in with a fair bit of preexisting knowledge - can
somebody fill me in?

~~~
dfox
FT232 is USB to serial port adapter chip. Typical application of these chips
is anything that has to be connected to USB but does not warrant full-featured
USB implementation. This includes various interface cables and converters,
(low-cost or specialized) test and measurement equipment and large amounts of
various (semi-)custom electronics (both hobbyist and industrial).

In essence, FTDI's chips are the go to solution for adding USB support when
you don't want to spend too much time on it. I would argue that today there
are better and cheaper alternatives, but FTDI was probably the first vendor of
such chips with reasonable documentation and software support.

------
smilekzs
FT232 isn't very stable to begin with. CP210x is a much better alternative
from my experience with FT232, PL2303 and CP210x.

~~~
stinos
Can you elaborate on your problems with FTDI? We're refactoring some hardware
with FT232, smallest package I think, and alternatives are welcome. Would
CP210x allow for lower latency/less stalls on Windows or are the FTDI limits
on that point just the limits of the usb stack on Windows?

~~~
smilekzs
FTDI isn't very stable on long runs, say, a few days. Buffers get corrupted
(nothing wrong on the MCU side as we tested) and all the PC side receive is
garbage.

------
ChuckMcM
Interesting situation. Given that "drivers" for USB serial ports are now
boiler plate, why not just have some Chinese company buy the USB VID code from
the USB Consortium and then agree that everyone will make chips that export
that?

------
JasuM
I wonder if anti-virus and anti-malware companies will add this to their black
lists.

~~~
jessaustin
Can they do that to Windows Update stuff? That would be amusing...

------
mmagin
As mentioned, Prolific's USB serial driver previously dropped support for
some counterfeit Prolific chips, albeit not in quite as nasty of a way.

~~~
seanp2k2
And I'm totally fine with that, even though that also creates a bad UX,
especially for users who previously had a working thing, updated their driver
/ software, and now have a broken thing.

Really hope everyone starts dumping FTDI and they end up in a class-action
lawsuit. USB <-> serial converters are a commodity these days, regardless of
what these goons think. If they can't compete in a free market, they should
find something else to do or go out of business.

~~~
joezydeco
They're a commodity because they're all using counterfeit FTDI and Prolific
chips.

~~~
makomk
The counterfeit FTDI chips are apparently reimplemented from scratch using a
completely different design, one based around a USB microcontroller of some
kind. They're a commodity because they're really easy to create.

~~~
rcxdude
Yeah, I never really understood how they justified the prices on their chips
when you could literally code the same thing in a week or two on a micro which
was half the price. About the only reason I see to use them is they have quite
neat pre-made cable assemblies.

~~~
bsder
The analog side. Being able to do the voltage regulation and oscillator
operation without external components is actually non-trivial.

~~~
Vendan
The half the cost parts already have internal oscillators, and I have yet to
see a use of an FTDI type chip where there's no other microcontroller, so you
have voltage regulation already, not to mention the 5V from usb. All your
points = invalid.

~~~
bsder
> I have yet to see a use of an FTDI type chip where there's no other
> microcontroller, so you have voltage regulation already, not to mention the
> 5V from usb. All your points = invalid.

Um, I don't understand what use case you have that has a microcontroller and
would _ever_ want to use an FTDI chip. As you point out, if I have a
microcontroller, I have voltage regulation, and I likely have USB and a UART.

I _will_ point out that 5V USB isn't all that useful by itself. Most
microcontrollers won't work natively at 5V, so you need a regulator, and you
need to obey the USB inrush specs, and you probably need a switching regulator
since you only nominally have 100mA (even though everything normally supplies
more nowadays), etc.

There are only two times I want to use an FTDI chip:

1) I have some old thing that I have to update that A) uses RS232 and B) is
standalone.

2) Somebody Else's Problem -- the software idiots are _insisting_ on RS232
communication to something and that idea is stupid or redundant (it already
has an SPI or I2C interface that is much better and there is a
microcontroller). I can slap a USB micro connector and one of these chips on
the board and tell the software guys to get lost until they pull their heads
out of their asses.

~~~
Vendan
Yes, but what you are trying to say is that oscillators and voltage reg are
really complex and hard, but they aren't, parts that are half the cost have
them and much much more complex functionality. The best argument I've seen so
far is that the FTDI stuff has additional functions, like built in GPIO pins,
which other USB-RS232 converters don't have. IMHO, the FTDI stuff is just way
too expensive for what it does. For example, look at Silicon Labs
C8051F387-GM. Tiny little chip, runs off of 2.7v to 5.25v, talks USB, has an
internal oscillator, and costs $1.72 per unit. FT232RL only goes as cheap as
$2.65 per unit if you order 2000. Talk about a major price difference...

------
JasuM
This seems to be reversible:
[http://www.reddit.com/r/arduino/comments/2k0i7x/watch_that_w...](http://www.reddit.com/r/arduino/comments/2k0i7x/watch_that_windows_update_ftdi_drivers_are/clgviyl)

------
voltagex_
If anyone's still reading - here's annotated disassembly:
[https://pbs.twimg.com/media/B0mf-pmCIAAoPxS.png:large](https://pbs.twimg.com/media/B0mf-pmCIAAoPxS.png:large)

~~~
AlyssaRowan
I confirm this is an accurate analysis of the code - and that it's definitely
intentional, malicious copy-protection software.

Wow. I haven't seen something this spectacularly dumb in a while. Should be
entertaining! :)

------
fn42
Thanks for the heads up, this will probably affect us car nerds too (I'm sure
my cheapo KWP2000 cable has a fake FT232)

~~~
stinos
heads up indeed, might even get some heads rolling.. The FTDI chip is the sole
means of communication in a major product of a startup I know. If the chips
are fakes and customers are left with useless devices that's going to
seriously hurt reputation and income.

------
swimfar
How is this much different from what is done with other counterfeit
goods[1-4]? Is it because they aren't going through legal channels to do it?
But these all are counterfeit, so the end result is the same, right? When
counterfeit goods are found, they are seized and destroyed. I can see people
getting upset about this, but I'm surprised at the unanimous response to it.

[1]Car bodies: [http://autoweek.com/article/car-news/mercedes-and-daimler-cr...](http://autoweek.com/article/car-news/mercedes-and-daimler-crush-300sl-gullwing-imposter)

[2]Guitars: [http://thehub.musiciansfriend.com/bits/feds-seize-over-185-c...](http://thehub.musiciansfriend.com/bits/feds-seize-over-185-counterfeit-guitars-in-nj)

[3]Carrying bags: [http://www.hamm.eu/en/aktuelles-und-presse/news/2009/2009-04...](http://www.hamm.eu/en/aktuelles-und-presse/news/2009/2009-04_Reisenthel_Plagiate.html)

[4]Clothing: [http://www.nytimes.com/2014/01/31/nyregion/trademark-trumps-...](http://www.nytimes.com/2014/01/31/nyregion/trademark-trumps-charity-so-us-will-destroy-bogus-nfl-jerseys.html?_r=0)

~~~
jessaustin
[EDIT: redacted unnecessary aspersion.] In none of the links you provide are
authorities taking or destroying property that consumers already bought.
Rather, they're taking property from distributors who theoretically could have
known better than to purchase the "counterfeits" in the first place. Can you
think of any interesting way that LEOs taking property from distributors is
similar to a private party destroying the property of consumers?

~~~
swimfar
It was an honest question, and that's the kind of answer I was looking for. So
maybe once it's been sold nothing can be done about it (unlike stolen goods,
which is obviously a different case).

edit: According to a professor at the Fashion Law Institute at Fordham
University, buying counterfeit goods is only illegal in France and Italy[1].
US customs even allow people to knowingly bring one counterfeit good into the
country.

[1] [http://bucks.blogs.nytimes.com/2010/10/28/the-legality-of-bu...](http://bucks.blogs.nytimes.com/2010/10/28/the-legality-of-buying-knockoffs/)

------
andmarios
This is one of the many reasons to use Linux and free software on your
desktop. :)

------
mey
I haven't gotten into the DIY/Hacker/Arduino stuff but it seems like there
would also be plenty of consumer devices that may be impacted that don't have
correct supply chain control (or care about the source of their chips).

I wonder if Windows will pull the driver.

~~~
duncan_bayne
Microsoft has confirmed that they're aware of the issue, and are
investigating. No news yet on what (if any) action they'll take. But I'd
expect they'll do something, as it would appear to the end user that "Windows
Update broke my $DEVICE".

~~~
mey
Yeah, Microsoft has a pretty robust hardware lab as part of WHQL
certification. I would expect there would be some off brand devices containing
this chip in their lab.

~~~
duncan_bayne
Or on-brand. One of the things that makes FTDI's decision _so_ bad is that even
a reputable manufacturer could be caught out by fraud somewhere in their
supply chain.

------
swamp40
They are getting pummeled on Twitter now, as well.

My guess is an 8am meeting in Glasgow (about 8.5 hours from now), followed by
an apology and an updated driver announcement at 10am.

------
jbagel2
I threw together a little util for correcting the PID. You still have to fix
the driver yourself, but I put info in the readme. Since most of the issues
are on Windows systems, it's a little WPF app.

[https://github.com/jbagel2/FIX_BROKEN_FTDI_PID](https://github.com/jbagel2/FIX_BROKEN_FTDI_PID)

------
jhallenworld
The real problem here is that USB does not define a standard interface for an
RS-232 adapter. Proprietary drivers should never have been required for these.
Same deal for Centronics printer adapters.

~~~
userbinator
It does, it's called CDC and there are plenty of other adapters that use it.
Which is why I think the popularity of FTDI adapters is surprising in some
ways.

~~~
dfox
The problem is that on Windows you still need .inf file with correct VID/PID
(this is the case for eg. MCP2200). So for typical user there is not much of
a difference between CDC and proprietary driver.

------
Aissen
Finally! Someone made a proper Linux to guarantee genuine FTDI products:

[https://lkml.org/lkml/2014/10/23/129](https://lkml.org/lkml/2014/10/23/129)

------
stuaxo
People should be complaining to Microsoft to get these malicious drivers
blocked and older non-malicious ones reinstated.

------
cgtyoder
So what are the actual products that are getting bricked? Curious about the
end result of all this.

------
dammitcoetzee
FTDI Makes fantastic chips though.

------
rasz_pl
Those devices are NOT bricked/broken! They are ABSOLUTELY FINE. You just need
to use proper driver straight from the _real_ manufacturer - Supereal
Microelectronics (or whatever).

Feel free to ask "Suzhou Supereal Microelectronics" for a working driver for
your counterfeit device.

~~~
deelowe
You realize reverse engineering is legal and actually protected by law right?
Tampering with other vendors' computer systems is not (in the software world
that's called malware).

The "counterfeiting" issue is a trademark problem only. In other words, the
only thing wrong here is that the Chinese manufacturer stamped FTDI on their
chips. There's nothing in trademark law that says it's OK to use these tactics
to combat the issue. Why would there be? The two are completely orthogonal to
each other. If there are chips out there that emulate FTDI and do not have the
logo, FTDI has most certainly broken the law. As others have pointed out, this
would be like Intel damaging AMD chips simply because they identify themselves
in a similar manner. (again, minus the bit about trademark which is again,
orthogonal to what FTDI has done here).

~~~
rasz_pl
Someone reverse engineered FTDI driver on the EEVBlog forum and it's not
specifically detecting fakes. It's doing EXACTLY THE SAME procedure without
discrimination - it is issuing illegal (and ignored on real chip) write to
eeprom.

There is no detection, just some fuzzing with illegal instructions.

