Slashdot Mirror
FTDI Reportedly Bricking Devices Using Competitors' Chips.
janoc writes It seems that chipmaker FTDI has started an outright war on cloners of their popular USB bridge chips. At first the clones stopped working with the official drivers, and now they are being intentionally bricked, rendering the device useless. The problem? These chips are incredibly popular and used in many consumer products. Are you sure yours doesn't contain a counterfeit one before you plug it in? Hackaday says, "It’s very hard to tell the difference between the real and fake versions by looking at the package, but a look at the silicon reveals vast differences. The new driver for the FT232 exploits these differences, reprogramming it so it won’t work with existing drivers. It’s a bold strategy to cut down on silicon counterfeiters on the part of FTDI. A reasonable company would go after the manufacturers of fake chips, not the consumers who are most likely unaware they have a fake chip."
Update: 10/24 02:53 GMT by S : In a series of Twitter posts, FTDI has admitted to doing this.
Now consumers are becoming aware that there's a massive counterfeiting problem and can be better educated to ask their vendors "Hey, is my device legit?" I certainly had no idea that this was going on.
If you were me, you'd be good lookin'. - six string samurai
FTDI hit with class action lawsuit, goes bankrupt after angry consumer sue them out of existence.
What a bunch of fucktards....
A component manufacturer is unhappy that someone else is using his product id so he puts code in a driver that sets the product id to zero. This prevents the fake component being recognized by his driver or any other driver. The license for the driver explicitly states that using the driver with a fake component may irretrievably damage the component.
If the component manufacturer doesn't want the fake product to work with his driver he can code his driver to ignore the fake. Modifying the product id to brick the component is another matter entirely.
This doesn't hurt the people who created the fake, or even the people who purchased the fake and used them in their manufacturing. It only hurts end users who have done nothing except purchase a product in retail channels. Deliberately destroying equipment because it uses a fake component goes to a whole new level of nastiness.
Seems like it should be!
Do they write the drivers for Apple too?
Go after the infringers? HA. You can't do shit to some nameless, here-one-day-gone-the-next Chinese outfit.
Why should they let people ride their coattails for no compensation? To be fair, bricking a device is a little overkill, and simply refusing to recognize a fake device may have been a better approach.
It looks like they are trying to hide behind their EULA, which says that "Use of the Software as a driver for a component that is not a Genuine FTDI Component MAY IRRETRIEVABLY DAMAGE THAT COMPONENT." But there are reports that this new driver is being delivered via Windows Update, which presumably doesn't show you this EULA.
Microsoft would be wise to pull this update.
Now that we know it's happening we can all join the class action lawsuit which will utterly bankrupt FTDI because what they are doing is illegal and they can be held liable for damages, which could easily run into the billions.
Is it just my observation, or are there way too many stupid people in the world?
Most people won't have any technical knowhow to understand why their device bricked, just that it bricked. Bricked devices will be blamed on the device manufacturer not the chip supplier.
It might hurt their business, but there is no possible "class action lawsuit" which would fly in this case.
yep they make just as bad drivers for OSx
"A reasonable company would go after the manufacturers of fake chips, not the consumers who are most likely unaware they have a fake chip."
You go try to chase down random Chinese outfits pumping out fake chips.
Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
I've used FTDI products for *years* and with just a very few exceptions have had zero issues with compatibility and performance. They are my number one supplier of USB to serial chips, and I still don't have any issues recommending them. Their drivers are very stable, and they work hard to make them for every platform. If they want to go after the counterfeiters, more power to them. Filing a lawsuit against a small shell company selling back-room chips pretending to be FTDI chips won't do any good. Brick a thousand shitty chips and things might change.
LOAD "SIG",8,1
LOADING...
READY.
RUN
In a previous company we had about 6 months of work arounds for their shitty driver. Some versions that were Win certified blue screened our production computers. Their tech support was next to useless.
Hope that they burn in the fires of hell.
Device manufacturing companies may just avoid FTDI chips outright. This is especially true if some suppliers are mixing the real chips with the counterfeit chips.
Worse, since it's coming through Windows Update, the engineers working on Windows Update might outright blacklist FTDI. And Microsoft would be at least partially liable for any bricked device, which would make their lawyers a bit uncomfortable. I wouldn't be surprised to see Microsoft release a patch in the future to automatically unbrick the affected devices.
"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
LITTLE overkill? Bricking something I paid my hard earned money for is a great way to get punched in the mouth.
Never mind your feeble class action lawsuit. Let their executives or other staff responsible travel to a country where unauthorized computer access causing this kind of damage is a criminal offence!
Then let them stand up in court and argue with a straight face that the user of a device that without the user's knowledge contained an alleged counterfeit component had authorised them to install software that was actively designed to impair the use of that device.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
I can't agree with you but I admire your chutzpah. And your smartly designed uniforms.
Unless the non-FTDI chips are using some patented technology without permission, or are using FTDI trademark, they are doing no wrong. Second-sourcing of integrated circuits has been going on for at least 45 years, and it's completely legal. The fact that their silicon looks completely different indicates that the copiers are not violating copyright as far as the chip is concerned. Unless I'm missing something, FTDI is engaging in willful destruction of private property and should suffer immense fines.
Contribute to civilization: ari.aynrand.org/donate
But whose fault is that? FTDI for protecting their designs and IP, or the manufacturer who went with knock-off chips?
And if the slick salesperson lies and says "yes, they are legit"?
It's a mistake in my opinion to dump this problem onto the consumer; it's not realistic for them to police all the parts of gizmos they buy.
Table-ized A.I.
The fake chips that have FTDI stamped on the outside of the package are clearly misusing the FTDI trademark. On the other hand, those that don't cheat with the labels, and only use the string "FTDI" so they will inter-operate with existing software should be legal. I am not a lawyer. My opinion of what should be legal may not match what the courts rule as legal.
1) Learn to identify counterfeit FTDI chips
2) Refuse to buy anything labeled FTDI because it might brick
Wait - "FTDI has started an outright war?"
Ok, so the cloners copy the design (that FTDI paid for), steal the VID (that FTDI paid for), and then by clear intention, use the FTDI driver (that FTDI paid for), and you say FTDI started a war?
Really? Good for FTDI. The supply chain will get purged of the counterfeit material faster this way then any lawsuit could.
Seems like a clever solution to me.
The user didn't harm FTDI.
Yes they did. Buy buying a knockoff product (counterfeit) directly harms the maker of the real, and diminishes the value of the real. If you buy a Rodex watch, expecting it to be exactly like a Rolex watch, you have harmed Rolex. If you buy a Frod Car, instead of a Ford Car, you have harmed Ford.
And while bricking a device is harsh, I have no problem with an updated driver for FTDI chips harming faked FTDI chips. None at all.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
One of those two, sure.
But neither of them are being hurt. The consumer is.
unless there's some other information missing that wasn't reported, this appears to just make the devices no longer functional with the new FTDI driver (it only sends 0s instead of valid control/data).
How would I know if my device is legit? I needed a USB to serial adaptor. I went to google and searched cheap usb to serial adaptor and bought the cheapest one. I didn't lookup who made the chips the company that made the adaptor used. I didn't know who FTDI was until this article.
All I cared about was a cheap way to get access to my switches. Yet I'm the one who has to deal with their bullshit (potentially).
> By buying a knockoff product
Are you talking about an unattributed result of a purchase event, or are you pretending that's a deliberate action every buyer knowingly made?
It's not your aunt's fault that Christmas sucked. Please don't harbor the idea that she intentionally wanted to ruin it. She thought you'd be delighted! It said 1,000 games on the box! 1,000 games!
I'm not some victim-villain blame-game SJW, but c'mon, don't blame your Nana.
The old Slashdot would have had a link to a solution, if not in the summary at least in the comments.
The headline should say "counterfeiters". There's a difference.
So FTDI is pissed that counterfeiters are using FTDI PIDs in their counterfeit chips so that the counterfeit chips get the benefit of FTDI drivers. I certainly sympathize with their gripe there. So FTDI is saying, "Don't use our PID" and setting the PIDs to 0 in counterfeit chips.
My guess is that FTDI didn't really think through the implications of that, that setting a PDI of 0 would brick the chip. What they should have done is just set the PID to some generic USB CDC serial port so that the counterfeit chips would no longer use the FTDI driver and would no longer show ups as FTDI chips to the OS.
This very could have been more of an "oops, sorry about that dude" than an "I KILL YOUR CHIP NOW! MOOHAHAHHA!"
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
My $3 generic eBay FTDI clone USB->Serial cable (that I bought to program my Baofeng radio via Chirp) came with no drivers and Windows pulled down the real FTDI driver. Over the summer, it only worked sporadically. Usually didn't work. Swapping out the cable for a $12 legit cable from Trendnet solved all issues. It isn't just that these chinese places are making a clone, it's that they are making a crappy sort-of compatible clone and passing it off as the real thing, and directing you to use the FTDI drivers. It totally makes FTDI look bad. I didn't find out until after researching with some guys from chirp that my cable was a knock off. I thought I was buying a supported chipset. Might not be legal or ethical, but I'm all for anything that stops these crappy chinese cloners in their tracks. I spent way too much time and hassle on a problem they caused.
Are there alternatives to this tech? I would happily buy from a competitor if one is available and boycott a company who would fuck over consumers like this. Is there even a way to choose or tell the difference between fakes or competitor products?
Where are they used? Who uses them? What alternatives are there?
Well I thought prolific writing bad drivers that gave an error code 10 for counterfeit 232 adapters was bad. I swayed many amateur radio operators to keep away from prolific and suggested FTDI instead. I now will suggest to keep away from prolific and run as far as they can from using any FTDI products.
A few years back I took $100 out of one bank and deposited it at another. The second bank only credited me $80, and sent me a letter informing me that one of the bills was counterfeit. I called the bank and explained that while I'm sure they were right, I'd been handed the bill by another bank and I had no chance of detecting the counterfeit bill so it wasn't fair to punish me. They, of course, wouldn't agree with that but they *did* give me a $20 counter credit because they wanted to keep me as a customer.
A couple decades ago when all paper money was as counterfeitable as the $1 bill remains, I worked at a fast food joint and would encounter counterfeit money on a fairly regular basis. The thing is, it was obvious to me that the poor schmo trying to buy a burger hadn't made the bill, and was just handing me a stack of money he'd been handed by somebody else. Who knows where the counterfeiter was? So unless I thought the customer was actually trying to swindle I'd just take the money and let the banks sort it out later.
Similar thing here: the purchasers are unwittingly caught in the crosshairs. Nothing good comes of attacking the person who's already been unknowingly swindled.
I did not design this game/I did not name the stakes/I just happen to like apples/And I am not afraid of snakes-AniD
Some people say they're going to "avoid FTDI chips in the future". Good luck with that because FTDI makes the most reliable Serial-to-USB ICs on the planet. Going with anything else is just asking for trouble.
Get free satoshi (Bitcoin) and Dogecoins
Moral issues aside, this seems like a bad business move. If you are a device manufacturer choosing between chip A and chip B, and the vendor for chip B bricks their clones, then you would prefer chip A.
This is because if you accidentally get a bad shipment of clone chips, and put them into your devices, your devices will be subject to bricking, creating returns and bad PR.
Plus, having some cloners around gives you a spare option if the main company bellies up.
Table-ized A.I.
So fuck you FTDI chip
They are using the same VID, but not the same design. images of real and fake FTDI silicon.
It's obvious why they are going after the end user, and not the people manufacturing the fake chips. The reasoning is a part of the supply chain for FTDI are making the fake chips to sell at a huge profit. This is fact and they know this.
.
At this point, I will be looking for a way to identify devices that have FTDI chips in them (real, not fake), and not buy those devices.
R.I.P. Mabel
-- truly a monkey, you will be missed
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
... the one manuf. wants a monopoly and the others want to make money. What's the unamerican activity here? Is FTDI a defense department contractor maybe? Subsided in (that or) any way? Let's investigate.
It is quite likely that the counterfeiters(at least the ones that actually stamp 'FTDI' on their products, or represent them as FTDI parts, I'm unconvinced that a VID:PID pair is a trademarkable thing) are committing 36 flavors of trademark infringement; but that still doesn't make it obvious that FTDI can just go all vigilante justice on them(much less on random people who may or may not know they were even using counterfeit chips).
Even when something is clearly recognized as a crime, the courts tend to take a somewhat dim view of those who go and dish out some extrajudicial punishment for it (typically with exceptions for things like self defense). Even when the law specifically defines transgressions that create a private right of action, the 'action' usually involves getting to sue the target, not take matters into your own hands.
Am I the only one that applauds FTDI for this move?
Knockoff USB-Serial chips are notoriously shitty and cause real, legitimate harm to professionals that need a functional serial interface to talk to legacy hardware. (Or new hardware that uses simple serial interfaces.) It's so bad that it can actually be difficult to source a USB-Serial converter that works reliably and to spec.
Grey market knockoffs have so saturated the supply that it's causing real harm to FTDI's bottom line, brand, and reputation. They SHOULD knock out counterfeit chips masquerading as legitimate. The fault is not theirs, but with companies that source grey market knockoffs instead of paying up for legitimate FTDI silicon.
Asking politely won't bring about any changes. Sometimes direct action like this is needed to protect one's brand and reputation. Why should FTDI accommodate knockoffs in their driver anyway?
People go to FTDI because they make a good solution. Knockoffs ape FTDI so they can use their driver, saving a lot of money and time. This would not be such an issue if the knockoffs actually worked.
If you buy a Frod Car, instead of a Ford Car, you have harmed Ford.
If I buy a Renault car, do I harm Ford?
I don't see how creating code that is intentionally malicious can be legal even if the chip itself is a fake. IANAL --- but would speculate that such code seem terroristic in nature.
http://www.hawknest.com/
The thing that really bugs me the most about this is, they don't have to make counterfeit chips to sell them, if they simply made another chip that used an ssop-24 or whatever standard case the FTDI ones use, and made it pin compatible, but released it under their own name, people would still buy them, most people buying cheap chips from china know they're not getting an ftdi chip, they don't really care they want something so they can build to a price and include X functionality.
If the silicon itself is a unique design (and i'm not saying it is) then they would be totally above board..
If Microsoft was FTDI, it would format hard disks on computers with non genuine copies of Windows.
those that don't cheat with the labels, and only use the string "FTDI" so they will inter-operate with existing software should be legal.
I am not a lawyer. My opinion of what should be legal may not match what the courts rule as legal.
In many places, a 64-bit chip is referred to as 'amd64', whereas a 32-bit chip is referred to as 'i386'. The chip may not be AMD at all, but if it's 64-bit, then it's called 'amd64'. Now, that's not the same as the chip itself saying it's 'amd64', but using certain strings for interoperability isn't illegal.
OpenBSD would never have let a vendor do something like this.
Fine, I'll just come out and say it, it's what we're all secretly thinking anyhow.
This is just another nail in the coffin pushed by none other than then N S A.
They want to be able have a documented chain of custody for every component in every piece of your equipment so the cyberpolice can backtrace any illegal encryption and punish scapegoats to justify their exponentially growing budgets. This way they can automatically tell if you done goofed and make sure the consequences will never be the same.
WARNING : may contain MKPUPPET triggers. Processed on machinery that may have also been used to process peanuts. Oops, maybe we should have put that up front.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
How many emergency communications systems will go down because a device died right after applying a Microsoft-delivered patch?
How many emergency communications systems will go down because of some recently-patched-by-Microsoft vulnerability got through because the administrator took an extra day or two beyond what he already does to thoroughly validate that Microsoft patches wouldn't brick his system?
In short, how many people will die because of this? Here's hoping the answer is "less than 1".
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
You go to your bank. They notify you that your cash is counterfeit. You can't spend it. Your money has been "bricked".
(Yes, it's an imperfect analogy. Is there such a thing as a perfect analogy?)
I have had nothing but great experiences with FTDI devices. The fact that their devices are counterfeited displeases me. The counterfeiters can suffer for all I care.
But consumers who don't know any better are probably going to blame FTDI instead of the counterfeiters.
Can you tell, by merely looking at it, whether a given device is using GenuineFTDI(TM)(R)(C)(BFD) chips, or whether it's a counterfeit? Can you tell by using whatever the Windows equivalent of lsusb is? No? Then there is a random, non-trivial chance that plugging in your serial-ish device will either:
Thus, in the mind of the user, FTDI == Flaky. And Flaky == Avoid.
Congratulations, FTDI. Ten points for avoiding your feet, but minus several million for shooting yourself straight in the head.
Editor, A1-AAA AmeriCaptions
Bullshit. How have I harmed FTDI by buying a counterfeit? They don't have my money?
That's like saying "buying a sandwich instead of an FTDI product harms FTDI". Then they also don't have my money.
If you buy a Rodex watch, expecting it to be exactly like a Rolex watch, people will laugh at you, but no harm occurs to Rolex.
And you're ok with your Ford car's computer frying out the radio because it's not an "officical" part?
Why should you be allowed to use a computer, riding the coat-tails of Charles Babbage, for no compensation? Because you paid for a product in good faith, and the fact that IBM and the US army stole the work of Zuse, Berry and Atanasoff is not your fault, that's why.
This all goes out the window the minute you write code that intentionally does harmful things to your^H^H^H^Hother people's hardware.
If I want to write code that breaks my own hardware (that is, a chip that I bought and paid for) that's my business.
-/s/ a different A/C than in #48206177.
Hehe, thanks for the good laugh.
Bricked implies that the change is irreversible. This is simply a change to the PID, which can be undone or set to some other PID pretty easily. So no, not bricked, not destroyed, just fake detected and it's fakery undone as a matter of configuration.
... the PID can be reset. It's not a brick at all. OP is off the rails. FTDI FTW.
What could their liability be if the bricked a device and as a result someone suffered real damages when the resultant device failed to work as expected? It would seem to me to be OK to make your driver not work with fakes, but even if the driver's license agreement said you agreed to let them brick devices they could still be liable. In addition, the person plunging in the device may not be the owner of the computer and never agreed to the license that came with the driver. Or, what if it accidentally bricks a real chip due to some unforeseen bug in the driver.
I can understand their desire to stop counterfeits but it seems to me that the solution was not very well though out
I'm a consultant - I convert gibberish into cash-flow.
The chips are not destroyed.
The main message consumers will end up with is
"Don't buy any product claiming to use and FTDI part, it might go dead unexpectedly"
Consumers can't tell real FTDI from clones, they can just look at the IDs.
So they need to avoid all parts with an FTDI ID.
I actually ship a device that implements FTDI's protocol in an MCU, and simply glue an otherwise unused FTDI chip to the board as a physical "license token". It's more reliable that way, and I can offer way better buffering and sync than the FTDI chip would allow. As long as they don't use real crypto in their chip, I'm not worried - an afternoon with a protocol analyzer should solve any issues. And if they do use crypto, then I'll probably have my buddy decap the chip and look for the private key bits on the die.
A successful API design takes a mixture of software design and pedagogy.
The GP isn't pushing anything. You might not want to use your own account to demonstrate the depths of your ignorance.
shill (intransitive verb)
to talk about or describe someone or something in a favorable way because you are being paid to do it.
shill (noun)
one who makes a sales pitch or serves as a promoter
Just a suggestion.
I think the most interesting part of the story was this little gem:
> This chip is completely different! We can notice right away that number of contact pads is much higher than needed. Chip has marking "SR1107 2011-12 SUPEREAL"
I'm guessing that's supposed to be SUPER EAL, which as far as I can tell isn't an actual Evaluation Assurance Level, but that's just hilarious given the situation.
Yes, the bricked chips can (allegedly) be restored to working order through the use of a utility. "Hang on. Would this utility be furnished by the very same company that wrecked my device in the first place?" Why yes; is that relevant? "Very fscking hilarious; I'll be looking elsewhere for my USB-serial adapter needs from now on..."
This is a distinction without a difference, as they say. You wouldn't cut any slack to a malware author who tried to claim, "Oh, the files aren't destroyed. They're merely encrypted, and can be restored to their previous condition through the use of this handy-dandy decryption key, available exclusively from me... for a modest fee..."
Editor, A1-AAA AmeriCaptions
I believe it is legal to "borrow" another vendors VIN and identify to the OS as another vendor's product. However it would then be a licence violation to put the USB logo anywhere on the device as using an unlicenced VIN is against spec.
Thanks. That was the article that should have been posted.... If I had any mod points left I would have given them to you.
Based on the story, it seems like once you plug in the illegitimate devices, they're going to be reassigned the bad PID fairly quickly making them rather useless afterwards. Unfortunately that would pre-empt any sort of windows app which tests whether they're legitimate.
In Linux-land, I'd guess that the current driver still works well. Does anyone know of a way to test whether devices are legitimate?
When it permanently cripples the CD/DVD drive if it senses a scratched disk, and the only way to fix it is a registry hack or disconnecting the drive and rebooting a few times to fool the OS that a new drive was installed. What a piece of work.
Maybe there have been a lot of support calls on these fake devices not working properly. If that's the case, why not nip the problem in the bud and kill off the counterfeit chips. I pushed for FTDI USB to serial chips in some of my company's products because they work and have good OSS support. I've had too many other USB to serial adapters give me problems, but never FTDI based ones. FTDI also provides a lot of useful code for doing interesting things with their chips, like JTAG and I2C.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
In this case they are using the FTDI trademark and USB ID. This is not second sourcing but counterfeit FTDI chips.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
I've had issues with many non-FTDI USB to serial adapters but the real FTDI ones have been rock solid. I pushed for integrating a quad FTDI USB to serial chip into one of our products since the FTDI chip can also do i2c and JTAG. I'm sure a knock-off chip would have a lot of problems. I've had the FTDI serial chip reliably running at 10Mbps.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
You can't write back the PID but you can FORCE it! :)
http://forum.gsmhosting.com/vb...
SORRY FROM TFA (AND EVEN TFA WITHIN TFA, IF YOU READ THE LINKS) I AM NOT BUYING THIS SHIT.
DO YOU EVER THINK, THAT MAYBE THE COUNTERFEIT GEAR IS SHIT AND THIS IS HAPPENING BECAUSE IT IS A KNOCK OFF, *NOT* BECAUSE FTDI IS BRICKING GEAR DELIBERATELY?
Ever think, that maybe the counterfeit gear is shit and this is happening because it is a knock off, *not* because FTDI is bricking gear?
SERIOUSLY. I HAVE GONE THROUGH MORE USB RS232 GEAR THAN I CARE TO ADMIT. FINDING THINGS THAT WERE *ACTUAL* FTDI CHIPSETS SAVED ME MANY HEADACHES THAT HAD *NOTHING* TO DO WITH FTDI DRIVERS, AND EVERYTHING TO DO WITH SHITTIER HARDWARE AND SHITTIER OS SUPPORT (HEY, BSDS AND LINUX ALREADY HAVE DRIVERS BUILT IN THAT WORK WITH EVEN THE CHEAP KNOCK OFFS, STOP WASTING OUR TIME WITH WINDOWS, FFS!!! PARTICULARLY WITH YOUR PIDDLY ARDUINO PROJECT. WE WERE BUILDING MICROCONTROLLERS THAT WERE MORE POWERFUL THAN THAT SHIT IN THE 1980S)
OR, IF YOU ARE GOING TO MAKE SUCH CLAIMS, AT LEAST LINK AN ARTICLE THAT HAS SOMEONE WHO AS REVERSE ENGINEERED THE FTDI DRIVER TO CONFIRM THIS. FTDI CLAIMS THEY ARE NOT (GO READ THEIR TWITTER FEED) AND I DOUBT THEY HAVE MUCH REASON TO LIE, GIVEN THAT MOST OF THEIR COUNTERFEITS ALREADY WORK LIKE SHIT, WHICH IS WHY THEY PROBABLY ADDED SUPPORT TO MORE RECENT DRIVERS TO ATTEMPT TO DETECT AND NOT USE THEM!!! THEY ALREADY DEPRECATED CLONES, AND YET STILL HAVE OLDER DRIVERS WHICH DON'T DO THIS FOR THE DESPERATE EVEN THOUGH THEY DID NOT MAKE THE CLONES. YOU THINK THEY SHOULD BE RESPONSIBLE FOR HARDWARE THEY DIDN'T MAKE? THESE ARE VERY LOW MARGIN ITEMS, WHICH *RETAIL* FOR 20 USD APPROXIMATELY, YOU ARE WASTING EVEN MORE OF EVERYONE'S TIME WITH BOGUS, POORLY RESEARCHED CLAIMS.
LASTLY, IF YOU REALLY WANT RELIABLE RS232, GO WITH HTTP://WWW.BYTERUNNER.COM WHICH AFAIK, HAS BEEN SELLING 16550 UARTS AND EVEN 16950 UARTS (*GASP* WITH A *MASSIVE* 128 BYTE FIFO FOR RS232 SERIAL COMMUNICATIONS AT SPEEDS OF ALMOST UP TO 1MBPS). USB RS232 HAS NEVER BEEN AS RELIABLE AS AN ACTUAL PCI RS232 CARD WITH REAL UARTS, AND IT NEVER WILL BE.
ALSO, I LOVE ALL CAPS DAY, IT REMINDS ME OF THE ERA WHEN THERE WERE TDDS ON BBSES AND YOU THOUGHT GODDAMN THAT GUY IS AN ASSHOLE, AND THEN YOU JUST REALIZED THEY WERE DEAF AND FELT BAD. SADLY, NO MORE TDDS.
BUT YOU ARE STILL USING RS232??? DAMNIT YOU KNOW ETHERNET WAS INVENTED IN THE 1970S, BUT AT LEAST HANDLES GIGABIT SPEEDS NOW. LET SERIAL DIAF, SRSLY. UDP IS MORE RELIABLE THAN RS232, AND I AM NOT JOKING. I MEAN, SURE, MAYBE IF YOUR ARDUINO SUPPORTS Z-MODEM, BUT GOOD LUCK FINDING MUCH THAT DOES THAT WITH YOUR DATA XFERS.
Yes, because you can set up a chip fab and tear it down in a day.
Idiot.
Irrecoverable vs recoverable is a distinction with a huge difference. Bricked is bricked, this is reversibly altered so as to no longer report that it is something it is not.
On the other hand, that could have been accomplished by doing something like display an error "your device contains an unrecognised/counterfeit chip and cannot be used with this driver.", or possibly a BSOD. That doesn't break the device but does prevent its use with the driver while notifying the user.
With any luck some opensource alternative becomes the popular option among people who need this functionality and that companies like MS and Apple simply start to refuse to distribute the malicious drivers. When a company pulls a stunt like FTDI I simply hope that they are out of business before the next 5 years. Genuinely hope.
and here we have very first attack of BadUsb. Computer malware infecting and destroying USB connected peripherals, possible because USB device had no firmware signing/authentication and was build to let anyone update it.
Who logs in to gdm? Not I, said the duck.
This is very poor business practice. As someone who has designed these chips into a few products in the distant past, I must say that this has pushed me away from FTDI. I have no respect for companies passing off FTDI chips as their own, but I also have no interest in dealing with companies who act in a manner that compounds an already rather difficult situation for the end user. A reasonable approach for proprietary drivers would have been to just not recognise the chip as an FTDI part. For FOSS drivers, creating a patch to flag potential reliability issues in the kernel messages would have alleviated any perceived quality issues being targeted at FTDI themselves.
The American FDA will be very interested.
I think Scotland has extradition treaties for major crimes; it would suck to have written that driver, or been responsible for releasing it.
Counterfeit parts are a major problem; there is no way to determine if parts on boards are real or not, without destructive testing.
Or when they start failing in the field.
I've had major issues with counterfeits, but this is not the way to go.
I went to google and searched cheap usb to serial adaptor and bought the cheapest one
So, you're complaining because you got exactly what you paid for, why? I realize that you don't care about the chips inside, which is why you went cheap, because Rodex Watch keeps time just like a Rolex, looks like a Rolex even. You can't get mad at Rolex when your cheap watch doesn't work when you upgrade it using Rolex technology.
All I cared about was a cheap way to get access to my switches.
And you got that. You got exactly what you paid for. A cheap counterfeit.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Are you talking about an unattributed result of a purchase event, or are you pretending that's a deliberate action every buyer knowingly made?
It really doesn't matter. People lie.
Any sufficient level of incompetence is indistinguishable from malice.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
If you buy a Frod, thinking it is a Ford, you do. That is what happened here. Renault isn't counterfeiting Ford Cars or trucks.
Car analogy: If you bought a Frod, and took it to Ford Dealer and they put in a Motorcraft Oil Filer that damages your FROD because it isn't a Ford, is Ford Responsible because all you cared about was the Frod Car was cheaper on eBay?
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
So, you're okay with ID theft then as well. After all, opening up credit in your name didn't spend any of your money.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
On top of it. Why does FTDI have the right to change the device ID on the chip anyways. I own the chip not them.
You own the chip but they wrote the driver. You can use the device however you like, the driver is free to alter it if it claims to be from that company but is not really, because the driver (which you installed BTW) is in full control of all devices with that vendor ID. Perhaps you should have shopped smarter and not bought a device falsifying a vendor ID....
Personally I think the driver should stick a chainsaw up your ass and set fire to your house, but that's just my feeling of how we could use technology to help clean the gene pool from technical pedants.
From the article, the fakes are not bricked it is just their device ID is changed to 0. FTDI are simply saying this isn't one of our chips so we won't let it work with our driver. If the clone manufactures produce their own driver and don't try to use IDs that are for FTDI chips there isn't a problem. It might be better if the FTDI simply refused to recognise the fakes and didn't make any ID changes but I guess the problem it that people would still believe that FTDI hardware was at fault...
Those manufacturers that include fake chips will end up with a lot of returns and might reconsider using fakes. There does not appear to be any legal basis for these manufacturers or the producers of the fake chips to go after FTDI but the end users might. This has raised awareness of the fakes and the fact that FTDI has the ability to do something about them which might be enough for FTDI so consider the exercise a success and a newer driver without this behaviour could follow soon.
It's possible it's not even the chip itself at fault, but possibly the board implementation. It's very common for low cost devices to throw out a clock crystal and replace it with an RC oscillator or similar that is close enough in timing to sometimes work (depending on part variation, temperature, etc).
This is one reason why some cheap card readers just don't work very well.
FTDI has .... interesting level of support, they THINK they are the only ones in the universe with a USB to various serial devices, but they are not, prolific chips are easier to design with since they are pretty much a drop n go part, TI and Microchip have some good ones, and any yahoo can take a cheap usb device capable micro and make their own which is what arduino did years ago.
so I applaud you FTDI for taking a stand, DONT make it a pain in the ass for me, the guy who has no problems using someone else's chip in my design
> malice
...I never thought I'd say "doddering" in my life.
I'm telling you, she didn't hate you, your dad clearly said to go with video games.
Maybe you can't tell them apart, but I posit that for every doddering aunt's purchase of that shovelcrap, there were zero cases of malice. Globally.
I use Linux exclusively, so I don't know that the Linux USB driver for the device would be playing those games.
So, should I care about this?
Car analogy: If you bought a Frod, and took it to Ford Dealer and they put in a Motorcraft Oil Filer that damages your FROD because it isn't a Ford, is Ford Responsible because all you cared about was the Frod Car was cheaper on eBay?
but this is Ford installing a Motorcraft oil filter which was designed not to open if it was connected to a Frod, not one which just happens to not open in that condition. There's a massive difference there, and the difference is one of intent.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
And THIS is why we can't have any thing nice... People who buy solely on price drive down the cost so far it's impossible to keep open companies that make good quality parts.
TL,DR: Cheapskates screw things up for the rest of us.
> Except the chip wasn't, as you put it, "killed." The chip is still fully functional with a driver that will support it.
WRONG, WRONG, WRONG. The firmware ID in the device is modified so that...
a) it doesn't work with the new driver
b) it doesn't work with the old driver on the current OS
c) it doesn't work with any driver on any other OS
> That FTDI doesn't want to support counterfeited chips with the driver it developed for the real article is reasonable.
>
> Why should FTDI support chips it didn't make?
When a copy of Microsoft Windows decides that it *MIGHT* be a fake, it goes into reduced functionality mode and gives you 30 days to validate it. It does not wipe your hard drive. If the FTDI driver detected a fake, and merely refused to function, I'd be unhappy, but that would be within their rights. Bricking the device, requiring an estoteric bare-metal binary writer to unbrick it, is crossing the line.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
This is going to be a real problem with embedded systems. At my last workplace, we had coin/bill vending units hooked up to PCs, which were connected using a FTDI serial-to-USB connection. I think the chip was legit – but how would I be able to tell? We purchased these vending units from a manufacturer, which in turn, I'm sure, bought the serial-to-USB chips (or even pre-made boards) from another vendor. What if that other vendor used clone chips without telling anyone?
And yes, we did occasionally install FTDI driver updates on these. If one of these units were to be bricked, FTDI is going to be open to some very substantial lawsuits. Arguing "unclean hands" won't work when the people getting hurt are about four steps removed from any actual culpability.
Fake or otherwise, a third party cannot destroy my property if I am an innocent victim of a fraud, certainly not without a court order.
Right... so you'd prefer they physically break your hardware rather than spit out an alert that you've got a counterfeit part and refuse to load the driver? Makes sense.
FTDI is deliberately destroying my property. I figured this ought several weeks ago and here is how I plan to solve it. FTDI, I don't need your chips. If you like to blame the consumer and destroy products that were legally obtained then I don't need to do buisness with you. There are plenty of other companies competing in this market sector. I think all FTDI users should make an example out of FTDI. We should stop buying FTDI parts or devices that use their parts. Let's see how they respond to their market collapsing from their unethical choice to punish the wrong people. There's an ethical way to handle this but obviously they have chosen a different path. I personally worked with them on this issue and was treated like in an unprofessional manner. If a lawsuit against them is filed for damaging legally aquired products I would support that effort. If this sort of behaviour isn't nipped in the butt we stand a chance of washing machines breaking, AC units failing, computers breaking, cars failing, etc. FTDI, get your act together!
Why shouldn't it be legal for me to write software that, as one of the features, detects and deals with low quality counterfeits? The problem is merely that users didn't know this would happen, probably because it was buried in a several page pile of legalese known as an EULA. Conversely, if they had placed what I would consider a fair notice on their software, it would inconvenience their legitimate users but no one would have felt sorry for the illegitimate ones.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
Dear FTDI, fix your damn Mac drivers. I'm tired of them kernel panicing my machine and you refusing to help because I'm not the OEM buyer of the chips. KTHXBYE.
Consumers aren't the problem unless they are fully aware the device is counterfeit and they buy it anyway. Your talking average and busy consumers, and do you honestly believe the vendors are going to have any clue, quoting a paragraph form the article
"Hackaday says, "ItÃ(TM)s very hard to tell the difference between the real and fake versions by looking at the package, but a look at the silicon reveals vast differences."
Which means unless you can remove the plastic covering from the USB device itself to physically look at the chips within them/it you have no real way of knowing.
This company is only going to piss consumers off, it is another case of doing things as cheap as possible, since trying to go after counterfeiters will cost money, which like the article says is something FTDI should be doing. The end game of this strategy will see them losing money when consumers look elsewhere for their USB needs.
Another suggestion that would be cheap is it to brand the USB packaging with a trademark so consumers know. Violating trademarks is far easier to control. I'm not sue if FTDI does this, they make the chips but if they have contracts with suppliers to supply chips those companies could be instructed to apply some sort of official FTDI trademark to USB device packaging with their chips, If they refuse then you make it clear you will go elsewhere to a company that will. This is smart business, what their doing is idiotic and shows little to no creativity in countering counterfeit devices. There are endless stories about trademark infringement and companies that use it for this very reason.
The bad chips are advertising themselves as genuine FTDI parts. The FTDI driver is making a reversible change to the EEPROM of the imposter chip so that it nolonger masquerades as a genuine FTDI part.
I agree it's a borderline case, but I think in this case it's defensible.
One difference I've noticed between Windows and Linux...
* in Linux, plug in a USB key, or hard drive, or other USB device, and if you have the appropriate driver, "it just works". One USB "mass storage device" driver works for all USB keys and hard drives
* in Windows...
--- plug in a brand X USB key the first time, and Windws goes off onto the internet and installs a special driver
--- plug in a brand Y USB key the first time, and Windws goes off onto the internet and installs a special driver
--- plug in a brand Z USB key the first time, and Windws goes off onto the internet and installs a special driver
Come on guys, a USB key is a USB key, is a USB key. If it has some esoteric functionality, OK, otherwise don't clog up the registry and the hard drive with drivers for every USB key model that has ever been inserted into the machine..
I have a USRobotics USR5637 http://www.usr.com/en/products... USB CDC "56K" dialup modem for backup on the rare occasions my broadband goes down. It's a hardware modem that works in Windows, Mac, Linux, DOS, etc. Once I set up the kernel options in linux "it just works", without constantly downloading updates. WTF is Windows always updating?
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
How long do you think it will take before somebody patches the linux USB files so a device with a PID of 0 is recognized, and begins to work again? I bet somebody does it before the weekend.
Consumers like you that knowingly purchase products based on counterfeit devices deserve to be "fucked over". Again and again.
It is not hard to ask if the product in question is built with proper components. Any idiot can usually tell based on price and company reputation.
And who the fuck uses USB for anything nowadays anyway?
The USB association requires that anyone who wishes to market their product as a "USB" device of any sort must have a license - because the USB name and marks are trademarked. Furthermore, in order to get that license, you must agree to use a unique vendor ID that the association assigns to you. You are perfectly free to create your own device that happens to have the same features, performance, and interface as FTDI's; however, you must use your own VID. That's the trademark issue.
There's also a copyright issue: FTDI's driver software is a copyrighted work. They are fully within their legal rights to place restrictions on the copying and use of that software. If you have made your own USB/serial chip that happens to be compatible with FTDI's, that still does not give you the right to use their copyrighted driver - you have to go write your own driver. (For the sake of argument, if you were to write a driver that worked for your chip, and also just so happened to work with FTDI's chips - since they use a compatible interface - then that would be alright.) This is not a DRM isssue: there is absolutely no reason (aside from laziness) that the chip needs to identify itself as an FTDI device.
So, to conclude analyzing the "inter-operation" arguments: the way to do that legally is to make your own product, and write your own driver. If the driver presents itself to Windows as a serial communications device, then it will inter-operate just fine with all the rest of your software.
> Might not be legal or ethical, but I'm all for anything that stops these crappy chinese cloners [...]
"I once had a problem, so screw all other unsuspecting users to give me my little petty vengeance".
Gah. Get a life.
My only exposure to FTDI comes from using USB or serial cables to program various kinds of two-way radios. In many cases, an FTDI chip is involved somewhere in the cable that we use to do this programming.
But even in cables sourced directly from the radio manufacturer, there is no way for us to tell whether the chip is legit or not. And if we have to obtain a cable from eBay or some other supplier, all bets are off. But it's not like we can go to a certified place to get a cable. There aren't any such places. But again, even cables direct from the factory may or may not be legit. We don't control that.
All we do know is that we're supposed to use FTDI drivers to run it.
The real answer here is to come up with an open-source or free driver that can support these chips and remove the support needs from FTDI.
Sig for hire.
Not just with these chips, but with a lot of semiconductors. I needed some Ixys CP10M45 constant current sources earlier in the year; I bought several from my usual (and previously reliable) components supplier only to find that they were fakes - completely open circuit between the pins. Eventually I found a reliable source (thank you Mouser) but it was still a bit shocking - who the hell counterfeits $2 chips?
>images of real and fake FTDI silicon*
* That bit, right there. It has FTDI's logo on, but is fake. Design may not be copied, but copyright has been broken by implying the device is FTDI when it is not
I think Microsoft will have to pull the driver... and FTDI is going to get a beating.
They tried to get it into the linux kernel today:
https://lkml.org/lkml/2014/10/...
But I"m not upgrading it with their technology. I'm running windows updates. I didn't even know what driver was being used. I plugged it into windows and it worked!
If you had to go to their website and download a driver then I would agree, but that is not the case.
Now consumers are becoming aware that there's a massive counterfeiting problem and can be better educated to ask their vendors "Hey, is my device legit?" I certainly had no idea that this was going on.
How in the hell is the consumer supposed to know that the USB chip in a device is not legally using the FTDI PID? That is the biggest load of crap I've heard. The is NO F'ING WAY the consumer can possibly know that the USB PID is wrong and that's assuming you can copyright a number which btw you can't.
FTDI READ THIS : It is against the law in the USA to intentionally damage private property. You may also be in trouble under the many computer crimes acts we have here. You have no claims to the PID as it is a number and cannot be copyrighted. You do have the right to sue in a court of law to enforce your copyrights but do not have the right to damage private property.
MICROSOFT READ THIS: You are probably subject to culpable liable for any damage as you knew the intent for the damage was called out in FTDI EULA and distributed FTDI's product anyway.
Enjoy the lawsuits and fines.
This actually came up during the Oracle vs Google lawsuit over Java. Oracle claimed that because Google made their own Java VM that was code compatible with Oracle's, that they were violating Oracles copyright on Java API's. Google's counter-argument was that copyright was intended to cover creative works, not a functional specification that can ONLY work in one possible way, and that Google did not copy any Oracle code where differentiation was possible. It's sort of like saying that one car manufacturer stole their design from another because they both use standard car batteries.
The device manufacturers already lost this court battle in the Carterphone decision way back.
After some hunting around, I figured out how to unbrick a bricked FTDI device (set the PID back to 6001) using the ft232 tool on Linux.
I wrote up the steps here for those that are interested:
http://www.minipwner.com/index...
FTDI is headquartered in Scotland.
http://www.legislation.gov.uk/...
For the purposes of the act, the serial adaptor is a 'computer' -as it's a data storage device that is plugged into a computer.
Destroying, or recklessly damaging the devices stored data is in principle worth up to a ten year sentance.
Bricked devices will be blamed on the device manufacturer not the chip supplier.
And that sounds fair to me... I've got several devices using this chip which have long been crap because they use fake chips. It's the manufacturers duty to ensure their equipment work, and if they rely on the chip maker to provide support, they need to ensure they are using authentic chips.
It's a dick move by FTDI, but they are just inconveniencing people, not causing damage.
John Doe sees that his cheap whatever stopped working all of the sudden. One of the two happens:
- It was expected that this cheap shitty something off ebay or alibaba will not last. Let's buy another one for 5$ including shipping and accessories.
- In the off-case it was acquired from somewhere it can be returned to Doe returns it, manufacturer/distributor knows it's a cheap shit with knockoff chips so shuts up, uses the available tool to fix the ID/replaces it with a new one, instructing John to install an old driver and disable all windows updates in order to ensure stability in the future
FTDI has made a statement concerning recent driver problems & how they are now being resolved ftdichipblog.com/?p=1053
Technically according to US law if you buy a counterfeit anything (knowing or not) the item is forfeit if the fakery comes to light. Usually the police are the ones doing the confiscating however. You have no recourse except to go back where you bought it and try to get a refund and E-bay is not the greatest place for this. The moral of the story is by for reputable sources and you'll have less issues.
Dahamma,
FTDI has pulled the update.. http://www.ftdichipblog.com/?p...
http://www.hawknest.com/