FTDI Reportedly Bricking Devices Using Competitors' Chips.
janoc writes It seems that chipmaker FTDI has started an outright war on cloners of their popular USB bridge chips. At first the clones stopped working with the official drivers, and now they are being intentionally bricked, rendering the device useless. The problem? These chips are incredibly popular and used in many consumer products. Are you sure yours doesn't contain a counterfeit one before you plug it in? Hackaday says, "It’s very hard to tell the difference between the real and fake versions by looking at the package, but a look at the silicon reveals vast differences. The new driver for the FT232 exploits these differences, reprogramming it so it won’t work with existing drivers. It’s a bold strategy to cut down on silicon counterfeiters on the part of FTDI. A reasonable company would go after the manufacturers of fake chips, not the consumers who are most likely unaware they have a fake chip."
Update: 10/24 02:53 GMT by S : In a series of Twitter posts, FTDI has admitted to doing this.
Now consumers are becoming aware that there's a massive counterfeiting problem and can be better educated to ask their vendors "Hey, is my device legit?" I certainly had no idea that this was going on.
If you were me, you'd be good lookin'. - six string samurai
A component manufacturer is unhappy that someone else is using his product id so he puts code in a driver that sets the product id to zero. This prevents the fake component being recognized by his driver or any other driver. The license for the driver explicitly states that using the driver with a fake component may irretrievably damage the component.
If the component manufacturer doesn't want the fake product to work with his driver he can code his driver to ignore the fake. Modifying the product id to brick the component is another matter entirely.
This doesn't hurt the people who created the fake, or even the people who purchased the fake and used them in their manufacturing. It only hurts end users who have done nothing except purchase a product in retail channels. Deliberately destroying equipment because it uses a fake component goes to a whole new level of nastiness.
Seems like it should be!
Go after the infringers? HA. You can't do shit to some nameless, here-one-day-gone-the-next Chinese outfit.
Why should they let people ride their coattails for no compensation? To be fair, bricking a device is a little overkill, and simply refusing to recognize a fake device may have been a better approach.
It looks like they are trying to hide behind their EULA, which says that "Use of the Software as a driver for a component that is not a Genuine FTDI Component MAY IRRETRIEVABLY DAMAGE THAT COMPONENT." But there are reports that this new driver is being delivered via Windows Update, which presumably doesn't show you this EULA.
Microsoft would be wise to pull this update.
Now that we know it's happening we can all join the class action lawsuit which will utterly bankrupt FTDI because what they are doing is illegal and they can be held liable for damages, which could easily run into the billions.
Is it just my observation, or are there way too many stupid people in the world?
Most people won't have any technical knowhow to understand why their device bricked, just that it bricked. Bricked devices will be blamed on the device manufacturer not the chip supplier.
"A reasonable company would go after the manufacturers of fake chips, not the consumers who are most likely unaware they have a fake chip."
You go try to chase down random Chinese outfits pumping out fake chips.
Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
I've used FTDI products for *years* and with just a very few exceptions have had zero issues with compatibility and performance. They are my number one supplier of USB to serial chips, and I still don't have any issues recommending them. Their drivers are very stable, and they work hard to make them for every platform. If they want to go after the counterfeiters, more power to them. Filing a lawsuit against a small shell company selling back-room chips pretending to be FTDI chips won't do any good. Brick a thousand shitty chips and things might change.
LOAD "SIG",8,1
LOADING...
READY.
RUN
Device manufacturing companies may just avoid FTDI chips outright. This is especially true if some suppliers are mixing the real chips with the counterfeit chips.
Worse, since it's coming through Windows Update, the engineers working on Windows Update might outright blacklist FTDI. And Microsoft would be at least partially liable for any bricked device, which would make their lawyers a bit uncomfortable. I wouldn't be surprised to see Microsoft release a patch in the future to automatically unbrick the affected devices.
"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
Intentional and willful destruction of another person's property for the base reason that he didn't buy with you but with your competitor? I don't know about your country, but over here in socialist Europe we have consumer protection laws that deserve that name.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
LITTLE overkill? Bricking something I paid my hard earned money for is a great way to get punched in the mouth.
Never mind your feeble class action lawsuit. Let their executives or other staff responsible travel to a country where unauthorized computer access causing this kind of damage is a criminal offence!
Then let them stand up in court and argue with a straight face that the user of a device that without the user's knowledge contained an alleged counterfeit component had authorised them to install software that was actively designed to impair the use of that device.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Tortious interference and trespass to chattels with an identifiable, numerous class with commonality of injury, and an easily identifiable tortfeasor acting with clearly malicious intent?
I hope no one is paying you to be their lawyer, since the suit practically writes itself.
Unless the non-FTDI chips are using some patented technology without permission, or are using FTDI trademark, they are doing no wrong. Second-sourcing of integrated circuits has been going on for at least 45 years, and it's completely legal. The fact that their silicon looks completely different indicates that the copiers are not violating copyright as far as the chip is concerned. Unless I'm missing something, FTDI is engaging in willful destruction of private property and should suffer immense fines.
Contribute to civilization: ari.aynrand.org/donate
And if the slick salesperson lies and says "yes, they are legit"?
It's a mistake in my opinion to dump this problem onto the consumer; it's not realistic for them to police all the parts of gizmos they buy.
Table-ized A.I.
The fake chips that have FTDI stamped on the outside of the package are clearly misusing the FTDI trademark. On the other hand, those that don't cheat with the labels, and only use the string "FTDI" so they will inter-operate with existing software should be legal. I am not a lawyer. My opinion of what should be legal may not match what the courts rule as legal.
1) Learn to identify counterfeit FTDI chips
2) Refuse to buy anything labeled FTDI because it might brick
Wait - "FTDI has started an outright war?"
Ok, so the cloners copy the design (that FTDI paid for), steal the VID (that FTDI paid for), and then by clear intention, use the FTDI driver (that FTDI paid for), and you say FTDI started a war?
Really? Good for FTDI. The supply chain will get purged of the counterfeit material faster this way than any lawsuit could.
Seems like a clever solution to me.
How would I know if my device is legit? I needed a USB to serial adaptor. I went to google and searched cheap usb to serial adaptor and bought the cheapest one. I didn't look up who made the chips the company that made the adaptor used. I didn't know who FTDI was until this article.
All I cared about was a cheap way to get access to my switches. Yet I'm the one who has to deal with their bullshit (potentially).
> By buying a knockoff product
Are you talking about an unattributed result of a purchase event, or are you pretending that's a deliberate action every buyer knowingly made?
It's not your aunt's fault that Christmas sucked. Please don't harbor the idea that she intentionally wanted to ruin it. She thought you'd be delighted! It said 1,000 games on the box! 1,000 games!
I'm not some victim-villain blame-game SJW, but c'mon, don't blame your Nana.
So FTDI is pissed that counterfeiters are using FTDI PIDs in their counterfeit chips so that the counterfeit chips get the benefit of FTDI drivers. I certainly sympathize with their gripe there. So FTDI is saying, "Don't use our PID" and setting the PIDs to 0 in counterfeit chips.
My guess is that FTDI didn't really think through the implications of that, that setting a PID of 0 would brick the chip. What they should have done is just set the PID to some generic USB CDC serial port so that the counterfeit chips would no longer use the FTDI driver and would no longer show up as FTDI chips to the OS.
This very well could have been more of an "oops, sorry about that dude" than an "I KILL YOUR CHIP NOW! MOOHAHAHHA!"
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
My $3 generic eBay FTDI clone USB->Serial cable (that I bought to program my Baofeng radio via Chirp) came with no drivers and Windows pulled down the real FTDI driver. Over the summer, it only worked sporadically. Usually didn't work. Swapping out the cable for a $12 legit cable from Trendnet solved all issues. It isn't just that these Chinese places are making a clone, it's that they are making a crappy sort-of compatible clone and passing it off as the real thing, and directing you to use the FTDI drivers. It totally makes FTDI look bad. I didn't find out until after researching with some guys from Chirp that my cable was a knock off. I thought I was buying a supported chipset. Might not be legal or ethical, but I'm all for anything that stops these crappy Chinese cloners in their tracks. I spent way too much time and hassle on a problem they caused.
Are there alternatives to this tech? I would happily buy from a competitor if one is available and boycott a company who would fuck over consumers like this. Is there even a way to choose or tell the difference between fakes or competitor products?
Where are they used? Who uses them? What alternatives are there?
Well, I thought Prolific writing bad drivers that gave an error code 10 for counterfeit 232 adapters was bad. I swayed many amateur radio operators to keep away from Prolific and suggested FTDI instead. I now will suggest to keep away from Prolific and run as far as they can from using any FTDI products.
A few years back I took $100 out of one bank and deposited it at another. The second bank only credited me $80, and sent me a letter informing me that one of the bills was counterfeit. I called the bank and explained that while I'm sure they were right, I'd been handed the bill by another bank and I had no chance of detecting the counterfeit bill so it wasn't fair to punish me. They, of course, wouldn't agree with that but they *did* give me a $20 counter credit because they wanted to keep me as a customer.
A couple decades ago when all paper money was as counterfeitable as the $1 bill remains, I worked at a fast food joint and would encounter counterfeit money on a fairly regular basis. The thing is, it was obvious to me that the poor schmo trying to buy a burger hadn't made the bill, and was just handing me a stack of money he'd been handed by somebody else. Who knows where the counterfeiter was? So unless I thought the customer was actually trying to swindle I'd just take the money and let the banks sort it out later.
Similar thing here: the purchasers are unwittingly caught in the crosshairs. Nothing good comes of attacking the person who's already been unknowingly swindled.
I did not design this game/I did not name the stakes/I just happen to like apples/And I am not afraid of snakes-AniD
Some people say they're going to "avoid FTDI chips in the future". Good luck with that because FTDI makes the most reliable Serial-to-USB ICs on the planet. Going with anything else is just asking for trouble.
Get free satoshi (Bitcoin) and Dogecoins
Moral issues aside, this seems like a bad business move. If you are a device manufacturer choosing between chip A and chip B, and the vendor for chip B bricks their clones, then you would prefer chip A.
This is because if you accidentally get a bad shipment of clone chips, and put them into your devices, your devices will be subject to bricking, creating returns and bad PR.
Plus, having some cloners around gives you a spare option if the main company bellies up.
Table-ized A.I.
They are using the same VID, but not the same design. images of real and fake FTDI silicon.
At this point, I will be looking for a way to identify devices that have FTDI chips in them (real, not fake), and not buy those devices.
R.I.P. Mabel
-- truly a monkey, you will be missed
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
... the one manuf. wants a monopoly and the others want to make money. What's the unamerican activity here? Is FTDI a defense department contractor maybe? Subsidized in (that or) any way? Let's investigate.
It is quite likely that the counterfeiters (at least the ones that actually stamp 'FTDI' on their products, or represent them as FTDI parts, I'm unconvinced that a VID:PID pair is a trademarkable thing) are committing 36 flavors of trademark infringement; but that still doesn't make it obvious that FTDI can just go all vigilante justice on them (much less on random people who may or may not know they were even using counterfeit chips).
Even when something is clearly recognized as a crime, the courts tend to take a somewhat dim view of those who go and dish out some extrajudicial punishment for it (typically with exceptions for things like self defense). Even when the law specifically defines transgressions that create a private right of action, the 'action' usually involves getting to sue the target, not take matters into your own hands.
According to the eevblog report, the newest driver behavior involves reprogramming the USB PID of the target to 0, not merely refusing to do useful work with it.
Quite likely recoverable with some knowledge, unless it managed to close the door behind it on any future PID modifications; but munging a USB device's PID is definitely a step above simply refusing to talk to it.
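As an added example (not part of the thread and not FTDI tooling): a host-inventory check for the state described above, a device that still carries FTDI's vendor ID but reports a product ID of 0. It parses `lsusb`-style lines; the sample lines are constructed, and FTDI's vendor ID 0x0403 and the FT232's stock product ID 0x6001 are supplied here rather than taken from the thread.

```python
import re

FTDI_VID = 0x0403         # FTDI's USB vendor ID (supplied here, not stated in the thread)
FT232_STOCK_PID = 0x6001  # stock FT232 product ID (supplied here, not stated in the thread)

# Shape of one lsusb line: "Bus 001 Device 004: ID 0403:6001 <description>"
LSUSB_RE = re.compile(
    r"^Bus (\d{3}) Device (\d{3}): ID ([0-9a-fA-F]{4}):([0-9a-fA-F]{4})\s*(.*)$"
)

# Constructed sample input, not captured from a real host.
SAMPLE_LSUSB = """\
Bus 001 Device 002: ID 0403:6001 Future Technology Devices International, Ltd FT232 Serial (UART) IC
Bus 001 Device 005: ID 0403:0000 Future Technology Devices International, Ltd
Bus 002 Device 003: ID 067b:2303 Prolific Technology, Inc. PL2303 Serial Port
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
garbage line
"""


def classify(vid, pid):
    """Classify a VID:PID pair. IDs alone cannot tell a genuine chip from a clone."""
    if vid != FTDI_VID:
        return "other-vendor"
    if pid == 0x0000:
        # The state the thread describes: FTDI VID left in place, PID rewritten to 0.
        return "ftdi-vid-pid-zeroed"
    if pid == FT232_STOCK_PID:
        # Could be genuine or a clone that has not met the new driver yet.
        return "ftdi-ft232-id"
    return "ftdi-other-pid"


def scan(lines):
    """Parse lsusb-style lines; return (findings, skipped_lines)."""
    findings, skipped = [], []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = LSUSB_RE.match(line)
        if not m:
            skipped.append(line)  # keep unparsed lines visible instead of dropping them
            continue
        bus, dev, vid_hex, pid_hex, desc = m.groups()
        vid, pid = int(vid_hex, 16), int(pid_hex, 16)
        findings.append({
            "bus": bus,
            "device": dev,
            "vid": vid,
            "pid": pid,
            "description": desc,
            "status": classify(vid, pid),
        })
    return findings, skipped


def zeroed_devices(findings):
    """Devices that need attention: FTDI vendor ID with a zeroed product ID."""
    return [f for f in findings if f["status"] == "ftdi-vid-pid-zeroed"]


if __name__ == "__main__":
    found, bad = scan(SAMPLE_LSUSB.splitlines())
    for f in found:
        print(f'{f["bus"]}/{f["device"]} {f["vid"]:04x}:{f["pid"]:04x} {f["status"]}')
    for line in bad:
        print("unparsed:", line)
```

On a live Linux host the same functions can be fed the output of `lsusb` instead of the sample text.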
I don't see how creating code that is intentionally malicious can be legal even if the chip itself is a fake. IANAL --- but would speculate that such code seems terroristic in nature.
http://www.hawknest.com/
The thing that really bugs me the most about this is, they don't have to make counterfeit chips to sell them, if they simply made another chip that used an ssop-24 or whatever standard case the FTDI ones use, and made it pin compatible, but released it under their own name, people would still buy them, most people buying cheap chips from China know they're not getting an FTDI chip, they don't really care they want something so they can build to a price and include X functionality.
If the silicon itself is a unique design (and I'm not saying it is) then they would be totally above board.
If Microsoft was FTDI, it would format hard disks on computers with non genuine copies of Windows.
OpenBSD would never have let a vendor do something like this.
Fine, I'll just come out and say it, it's what we're all secretly thinking anyhow.
This is just another nail in the coffin pushed by none other than the N S A.
They want to be able to have a documented chain of custody for every component in every piece of your equipment so the cyberpolice can backtrace any illegal encryption and punish scapegoats to justify their exponentially growing budgets. This way they can automatically tell if you done goofed and make sure the consequences will never be the same.
WARNING : may contain MKPUPPET triggers. Processed on machinery that may have also been used to process peanuts. Oops, maybe we should have put that up front.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
How many emergency communications systems will go down because a device died right after applying a Microsoft-delivered patch?
How many emergency communications systems will go down because of some recently-patched-by-Microsoft vulnerability got through because the administrator took an extra day or two beyond what he already does to thoroughly validate that Microsoft patches wouldn't brick his system?
In short, how many people will die because of this? Here's hoping the answer is "less than 1".
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
> Intentional and willful destruction of another person's property for the base reason that he didn't buy with you but with your competitor? I don't know about your country, but over here in socialist Europe we have consumer protection laws that deserve that name.
I would say that modifying the PID on the chip is pretty far from "intentional and willful destruction." From one of the comments in the support board posting masquerading as TFA:
And
While it is rather underhanded, had FTDI done this the *correct* way and just interrogated the chip and refused to work with a fake, this would be a non-story. At the same time, just modifying the PID is far from "destroying" the device. If FTDI's driver did something that actually did damage to the hardware, I might be more sympathetic. That's not to say that I think FTDI did the right thing, just that they did not actually damage or "brick" anything. The device isn't broken, it just needs to have its PID reset. Once that happens (and I guess that's what FTDI was trying to do), the end user will be painfully aware that they have a counterfeit chip.
As I said, poorly executed and likely to cause some backlash, but no hardware is damaged or destroyed. Unless you're an idiot.
No, no, you're not thinking; you're just being logical. --Niels Bohr
You go to your bank. They notify you that your cash is counterfeit. You can't spend it. Your money has been "bricked".
(Yes, it's an imperfect analogy. Is there such a thing as a perfect analogy?)
Can you tell, by merely looking at it, whether a given device is using GenuineFTDI(TM)(R)(C)(BFD) chips, or whether it's a counterfeit? Can you tell by using whatever the Windows equivalent of lsusb is? No? Then there is a random, non-trivial chance that plugging in your serial-ish device will either:
Thus, in the mind of the user, FTDI == Flaky. And Flaky == Avoid.
Congratulations, FTDI. Ten points for avoiding your feet, but minus several million for shooting yourself straight in the head.
Editor, A1-AAA AmeriCaptions
Hehe, thanks for the good laugh.
Cut the crap, FTDI modifies the chips in such a way as to not work with any drivers, not just theirs. They are breaking them. Willfully and maliciously.
Bricked implies that the change is irreversible. This is simply a change to the PID, which can be undone or set to some other PID pretty easily. So no, not bricked, not destroyed, just fake detected and its fakery undone as a matter of configuration.
What could their liability be if they bricked a device and as a result someone suffered real damages when the resultant device failed to work as expected? It would seem to me to be OK to make your driver not work with fakes, but even if the driver's license agreement said you agreed to let them brick devices they could still be liable. In addition, the person plugging in the device may not be the owner of the computer and never agreed to the license that came with the driver. Or, what if it accidentally bricks a real chip due to some unforeseen bug in the driver?
I can understand their desire to stop counterfeits but it seems to me that the solution was not very well thought out.
I'm a consultant - I convert gibberish into cash-flow.
The chips are not destroyed.
The main message consumers will end up with is
"Don't buy any product claiming to use an FTDI part, it might go dead unexpectedly"
Consumers can't tell real FTDI from clones, they can just look at the IDs.
So they need to avoid all parts with an FTDI ID.
I actually ship a device that implements FTDI's protocol in an MCU, and simply glue an otherwise unused FTDI chip to the board as a physical "license token". It's more reliable that way, and I can offer way better buffering and sync than the FTDI chip would allow. As long as they don't use real crypto in their chip, I'm not worried - an afternoon with a protocol analyzer should solve any issues. And if they do use crypto, then I'll probably have my buddy decap the chip and look for the private key bits on the die.
A successful API design takes a mixture of software design and pedagogy.
For the vast majority of consumers, changing the PID to 0 is absolutely damaging the product. Product works one day, plug it into the computer with the new driver and it stops working. It's broken. Yes it can be fixed, but it's well beyond the comfort zone of the average consumer, which means they need to either pay someone to fix it, go begging for help, or buy a new one.
The evidence is that the PID was changed, but there is no evidence that this was done intentionally versus it being a bug in the counterfeit chip. Sure, it *may* be FTDI's fault, but so far eevblog is instead assuming FTDI is at fault without evidence and is chock full of "me too!" posters rather than people patiently sitting down and examining what the new driver change is actually doing.
I think the most interesting part of the story was this little gem:
> This chip is completely different! We can notice right away that number of contact pads is much higher than needed. Chip has marking "SR1107 2011-12 SUPEREAL"
I'm guessing that's supposed to be SUPER EAL, which as far as I can tell isn't an actual Evaluation Assurance Level, but that's just hilarious given the situation.
Yes, the bricked chips can (allegedly) be restored to working order through the use of a utility. "Hang on. Would this utility be furnished by the very same company that wrecked my device in the first place?" Why yes; is that relevant? "Very fscking hilarious; I'll be looking elsewhere for my USB-serial adapter needs from now on..."
This is a distinction without a difference, as they say. You wouldn't cut any slack to a malware author who tried to claim, "Oh, the files aren't destroyed. They're merely encrypted, and can be restored to their previous condition through the use of this handy-dandy decryption key, available exclusively from me... for a modest fee..."
Editor, A1-AAA AmeriCaptions
I believe it is legal to "borrow" another vendor's VIN and identify to the OS as another vendor's product. However it would then be a licence violation to put the USB logo anywhere on the device as using an unlicenced VIN is against spec.
Great idea. Will do. Just ... umm... how do I find out just WHICH controller chip is used in the USB stick I plan to buy?
I may not be the best example, considering that I have rather intimate knowledge of USB controller chips due to the nature of my work. I may actually be able to find out what controller chip is used in USB sticks. But because of this I can inform you that it is anything but trivial to find out just what controller is being used in a stick. Let's put it that way: Quite often finding it out involves ordering one and a good magnifying glass...
Even assuming that an average consumer knows what a controller chip is (quite unlikely), that one is used in a USB stick (it gets more unlikely) and he knows where to look for it and what to look for on it (now we're getting into the land of fairy tales), it's nearly impossible for him to even know whether he buys something with a "good" or forged chip. And the only way to find out involves disassembling the USB stick in a way that voids the warranty.
The real kicker is that I, someone who could actually find out whether he buys good or forged sticks, i.e. someone who might be at least somehow blamed for using forged goods, could actually maybe even recover the stick from its "bricked" status. Whereas someone who buys a stick in good faith because he has no other option would really now lose his data.
That's fair, eh?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Based on the story, it seems like once you plug in the illegitimate devices, they're going to be reassigned the bad PID fairly quickly, making them rather useless afterwards. Unfortunately that would pre-empt any sort of Windows app which tests whether they're legitimate.
In Linux-land, I'd guess that the current driver still works well. Does anyone know of a way to test whether devices are legitimate?
Maybe there have been a lot of support calls on these fake devices not working properly. If that's the case, why not nip the problem in the bud and kill off the counterfeit chips. I pushed for FTDI USB to serial chips in some of my company's products because they work and have good OSS support. I've had too many other USB to serial adapters give me problems, but never FTDI based ones. FTDI also provides a lot of useful code for doing interesting things with their chips, like JTAG and I2C.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
In this case they are using the FTDI trademark and USB ID. This is not second sourcing but counterfeit FTDI chips.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
I've had issues with many non-FTDI USB to serial adapters but the real FTDI ones have been rock solid. I pushed for integrating a quad FTDI USB to serial chip into one of our products since the FTDI chip can also do i2c and JTAG. I'm sure a knock-off chip would have a lot of problems. I've had the FTDI serial chip reliably running at 10Mbps.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
You can't write back the PID but you can FORCE it! :)
http://forum.gsmhosting.com/vb...
Irrecoverable vs recoverable is a distinction with a huge difference. Bricked is bricked, this is reversibly altered so as to no longer report that it is something it is not.
On the other hand, that could have been accomplished by doing something like display an error "your device contains an unrecognised/counterfeit chip and cannot be used with this driver.", or possibly a BSOD. That doesn't break the device but does prevent its use with the driver while notifying the user.
With any luck some opensource alternative becomes the popular option among people who need this functionality and that companies like MS and Apple simply start to refuse to distribute the malicious drivers. When a company pulls a stunt like FTDI I simply hope that they are out of business before the next 5 years. Genuinely hope.
And here we have the very first attack of BadUSB. Computer malware infecting and destroying USB connected peripherals, possible because the USB device had no firmware signing/authentication and was built to let anyone update it.
Who logs in to gdm? Not I, said the duck.
> While it is rather underhanded, had FTDI done this the *correct* way and just interrogated the chip and refused to work with a fake, this would be a non-story.
They did for the last 4? 5 years? And it was a non-story because fake chips were shipped with a hacked or older driver and worked while still claiming to be FTDI.
Who logs in to gdm? Not I, said the duck.
I didn't say it was fair. In fact, I said it was rather underhanded. That said, the manufacturer should provide a driver for their hardware. But that would require more work than just copying someone else's design, wouldn't it?
Given that FTDI invested in the R&D to design the chip and write the driver, I would expect that they should be able to decide if they want their driver to work with chips made by other manufacturers.
I'll say it again. FTDI went about this the wrong way, but just as ignorance of the law isn't a defense, a consumer's ignorance of technology shouldn't require a manufacturer to support those who steal their designs and profit from them.
I tell you what, go ahead and develop a new device and start selling it. I'll copy your design and sell it for 25% of your price, and instruct users to install your software for the device. If you make any attempt to stop me with your software, I'll blame you and suggest you be sued. Sound good?
I'll say it one more time -- FTDI went about this the wrong way.
Their driver should just ignore any device that it can detect as counterfeit and produce an error suggesting that the user contact the actual manufacturer for a driver. Assuming there is no such driver, then the consumer is hosed.
No, no, you're not thinking; you're just being logical. --Niels Bohr
Perhaps the only way to spot a fake is to attempt a config EEPROM write to an address that's larger than the size of the EEPROM. On FTDI chips, such writes fail (I checked). On fakes, perhaps they wrap around... Still, they could have perhaps written somewhere safe, like at the end of the data area, not at the beginning. But then, perhaps the wraparound bug is an off-by-one and you can only kill the PID that way. Who knows.
A successful API design takes a mixture of software design and pedagogy.
> I went to google and searched cheap usb to serial adaptor and bought the cheapest one
So, you're complaining because you got exactly what you paid for, why? I realize that you don't care about the chips inside, which is why you went cheap, because Rodex Watch keeps time just like a Rolex, looks like a Rolex even. You can't get mad at Rolex when your cheap watch doesn't work when you upgrade it using Rolex technology.
> All I cared about was a cheap way to get access to my switches.
And you got that. You got exactly what you paid for. A cheap counterfeit.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
> Are you talking about an unattributed result of a purchase event, or are you pretending that's a deliberate action every buyer knowingly made?
It really doesn't matter. People lie.
Any sufficient level of incompetence is indistinguishable from malice.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
If you buy a Frod, thinking it is a Ford, you do. That is what happened here. Renault isn't counterfeiting Ford Cars or trucks.
Car analogy: If you bought a Frod, and took it to a Ford Dealer and they put in a Motorcraft Oil Filter that damages your FROD because it isn't a Ford, is Ford Responsible because all you cared about was the Frod Car was cheaper on eBay?
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
So, you're okay with ID theft then as well. After all, opening up credit in your name didn't spend any of your money.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Consumer products with this chip in them won't ship with FTDI's VID and PID. They provide a utility for that purpose. This is not a problem that consumers are going to encounter.
Nobody could complain if they simply went and made their driver incompatible with the forged chips. If there is no working driver, then the customer would have to complain with the original maker of the hardware and demand a working driver. That's quite within FTDI's rights.
The point is that they attack the firmware of the device involved, which is by no accounts ok anymore. This isn't locking out a competitor, it's destruction of a competitor's hardware. Yes, that competitor didn't act correctly by trying to get a free ride. No doubt about that. By that logic, though, it's just a-ok for any printer maker to trash the printer (e.g. by hosing it with printer ink) should they detect that you use anything but their overpriced original stuff.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Car analogy time.
It's like you taking your car into a dealer, them finding you got an oil change at a non-dealer mechanic, so they brick engine control chips on your car's on-board computer and say it's your problem, you can fix it, you just need to overhaul the engine to get at it and reflash the firmware and it will work fine. So it's not broken even though it won't start and requires special equipment and non-trivial time, money and knowledge to fix.
For all intents and purposes it is broken and they are responsible for breaking it.
---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
> Nobody could complain if they simply went and made their driver incompatible with the forged chips. If there is no working driver, then the customer would have to complain with the original maker of the hardware and demand a working driver. That's quite within FTDI's rights.
> The point is that they attack the firmware of the device involved, which is by no accounts ok anymore. This isn't locking out a competitor, it's destruction of a competitor's hardware. Yes, that competitor didn't act correctly by trying to get a free ride. No doubt about that. By that logic, though, it's just a-ok for any printer maker to trash the printer (e.g. by hosing it with printer ink) should they detect that you use anything but their overpriced original stuff.
We are clearly in agreement here except on a single point: changing the PID is neither attacking the firmware nor damaging the hardware. After a PID change, the hardware (and firmware) is still functional -- as long as either some driver can recognize it or the PID is reset to a valid ID.
It may be that FTDI was unable (or unwilling) to find a way for their driver to stop supporting the counterfeited chips, so they just removed the mask (the PID) on the chip that claimed the counterfeits were genuine. That's not damaging the hardware or the firmware, merely modifying an embedded setting.
All that said, FTDI's actions were not appropriate -- and they will likely end up paying for it in the court of public opinion. However, FTDI's driver did not damage or harm the chips themselves -- and they certainly weren't (as some here have claimed) "bricked."
No, no, you're not thinking; you're just being logical. --Niels Bohr
> Car analogy time.
> It's like you taking your car into a dealer, them finding you got an oil change at a non-dealer mechanic, so they brick engine control chips on your car's on-board computer and say it's your problem, you can fix it, you just need to overhaul the engine to get at it and reflash the firmware and it will work fine. So it's not broken even though it won't start and requires special equipment and non-trivial time, money and knowledge to fix.
> For all intents and purposes it is broken and they are responsible for breaking it.
You know, I was thinking of using a similar analogy myself. However, the analogy just doesn't fit, so I bagged the idea.
A better analogy would be that you bought a car from a dealer who claimed it was a Ford, but when you took it in to the actual Ford dealership, they checked and found that it was a Yugo (yes, I'm old) masquerading as a Ford.
Under those circumstances, it makes no sense to get all butthurt that Ford won't service the car -- they didn't produce it.
Whether or not the Ford dealer has the right to remove any logos or other identifiers (like the USB PID) that make the Yugo look like a Ford is another question. And the answer is probably not, IMHO. But that doesn't mean Ford needs to service such a vehicle, does it?
No, no, you're not thinking; you're just being logical. --Niels Bohr
From the article, the fakes are not bricked, it is just their device ID is changed to 0. FTDI are simply saying this isn't one of our chips so we won't let it work with our driver. If the clone manufacturers produce their own driver and don't try to use IDs that are for FTDI chips there isn't a problem. It might be better if FTDI simply refused to recognise the fakes and didn't make any ID changes but I guess the problem is that people would still believe that FTDI hardware was at fault...
Those manufacturers that include fake chips will end up with a lot of returns and might reconsider using fakes. There does not appear to be any legal basis for these manufacturers or the producers of the fake chips to go after FTDI but the end users might. This has raised awareness of the fakes and the fact that FTDI has the ability to do something about them, which might be enough for FTDI to consider the exercise a success, and a newer driver without this behaviour could follow soon.
It's possible it's not even the chip itself at fault, but possibly the board implementation. It's very common for low cost devices to throw out a clock crystal and replace it with an RC oscillator or similar that is close enough in timing to sometimes work (depending on part variation, temperature, etc).
This is one reason why some cheap card readers just don't work very well.
FTDI has .... interesting level of support, they THINK they are the only ones in the universe with a USB to various serial devices, but they are not. Prolific chips are easier to design with since they are pretty much a drop n go part, TI and Microchip have some good ones, and any yahoo can take a cheap USB device capable micro and make their own, which is what Arduino did years ago.
So I applaud you FTDI for taking a stand, DON'T make it a pain in the ass for me, the guy who has no problems using someone else's chip in my design.
> malice
...I never thought I'd say "doddering" in my life.
I'm telling you, she didn't hate you, your dad clearly said to go with video games.
Maybe you can't tell them apart, but I posit that for every doddering aunt's purchase of that shovelcrap, there were zero cases of malice. Globally.
> Car analogy: If you bought a Frod, and took it to Ford Dealer and they put in a Motorcraft Oil Filter that damages your FROD because it isn't a Ford, is Ford Responsible because all you cared about was the Frod Car was cheaper on eBay?
but this is Ford installing a Motorcraft oil filter which was designed not to open if it was connected to a Frod, not one which just happens to not open in that condition. There's a massive difference there, and the difference is one of intent.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
> Except the chip wasn't, as you put it, "killed." The chip is still fully functional with a driver that will support it.
WRONG, WRONG, WRONG. The firmware ID in the device is modified so that...
a) it doesn't work with the new driver
b) it doesn't work with the old driver on the current OS
c) it doesn't work with any driver on any other OS
> That FTDI doesn't want to support counterfeited chips with the driver it developed for the real article is reasonable.
>
> Why should FTDI support chips it didn't make?
When a copy of Microsoft Windows decides that it *MIGHT* be a fake, it goes into reduced functionality mode and gives you 30 days to validate it. It does not wipe your hard drive. If the FTDI driver detected a fake, and merely refused to function, I'd be unhappy, but that would be within their rights. Bricking the device, requiring an esoteric bare-metal binary writer to unbrick it, is crossing the line.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
This is going to be a real problem with embedded systems. At my last workplace, we had coin/bill vending units hooked up to PCs, which were connected using a FTDI serial-to-USB connection. I think the chip was legit – but how would I be able to tell? We purchased these vending units from a manufacturer, which in turn, I'm sure, bought the serial-to-USB chips (or even pre-made boards) from another vendor. What if that other vendor used clone chips without telling anyone?
And yes, we did occasionally install FTDI driver updates on these. If one of these units were to be bricked, FTDI is going to be open to some very substantial lawsuits. Arguing "unclean hands" won't work when the people getting hurt are about four steps removed from any actual culpability.
> > Nobody could complain if they simply went and made their driver incompatible with the forged chips. If there is no working driver, then the customer would have to complain with the original maker of the hardware and demand a working driver. That's quite within FTDI's rights.
> > The point is that they attack the firmware of the device involved, which is by no accounts ok anymore. This isn't locking out a competitor, it's destruction of a competitor's hardware. Yes, that competitor didn't act correctly by trying to get a free ride. No doubt about that. By that logic, though, it's just a-ok for any printer maker to trash the printer (e.g. by hosing it with printer ink) should they detect that you use anything but their overpriced original stuff.
> We are clearly in agreement here except on a single point: changing the PID is neither attacking the firmware nor damaging the hardware. After a PID change, the hardware (and firmware) is still functional -- as long as either some driver can recognize it or the PID is reset to a valid ID.
> It may be that FTDI was unable (or unwilling) to find a way for their driver to stop supporting the counterfeited chips, so they just removed the mask (the PID) on the chip that claimed the counterfeits were genuine. That's not damaging the hardware or the firmware, merely modifying an embedded setting.
> All that said, FTDI's actions were not appropriate -- and they will likely end up paying for it in the court of public opinion. However, FTDI's driver did not damage or harm the chips themselves -- and they certainly weren't (as some here have claimed) "bricked."
Regardless of whether they were permanently 'bricked' or not, your initial comment was about 'technologically ignorant users' somehow 'requiring' them to support the fake product - the driver can simply refuse to work with the device.
Now, however, you take that 'technically ignorant user' who went out and bought say 3 x 4GB USB dongles that happened to have fake FTDI chips in them, unaware of that fact of course, who then copies his business critical data, say 3 years worth of work, onto all 3 of them (for safe keeping)... then his machine auto-updates his driver (because, again, he's a technically ignorant user) and suddenly he can't get to his data... in fact, again, technically ignorant, he tries all 3 dongles (if the first one fails, try the backup(s) right?).
Now, he can't even take them to another machine that maybe didn't get the driver update, or a Linux machine without the proprietary FTDI driver... sure, it's 'fixable' by him say paying an IT geek (a non-technically-ignorant person) to reprogram the USB ID, but that's a cost he is incurring because of what FTDI did to his devices. And that isn't to mention that perhaps he needed that data to bid on a potential $million contract with someone, on a deadline that he's now missed because of what FTDI did to 'damage' his devices.
He most certainly, if it can be proven that FTDI is *deliberately* breaking (even temporarily) the devices in question, has a good case for damages from FTDI.
The import of a counterfeit product into the EU carries a fine up to 10k Euros / item. People bringing back fake Rolex watches were hit with a fine higher than the price of the genuine thing. Just saying...
Perhaps, but if I buy a watch off a guy on the street with a long trenchcoat filled with watches, I'm not 'importing' anything, he did (or perhaps his supplier).
Right... so you'd prefer they physically break your hardware rather than spit out an alert that you've got a counterfeit part and refuse to load the driver? Makes sense.
It's not competitor, it's counterfeiter. These are chips stamped with FTDI's logo that aren't made by FTDI. http://hackaday.com/2014/02/19...
And THIS is why we can't have anything nice... People who buy solely on price drive down the cost so far it's impossible to keep open companies that make good quality parts.
TL,DR: Cheapskates screw things up for the rest of us.
I tend to buy on the two extremes. I own an ipad in a waterproof case and a top of the line android phone.
I also own several cheap android tablets that my kids can abuse, I can hack on, take to the beach, etc...
I think there is a very good use case for both ends.
The USB bridges I own, I mostly use to talk to Arduinos. Quality isn't a big concern as long as it mostly works, which is why I opted for a $3 bridge instead of a $25 bridge when for my application I can't tell the difference (that is, unless somebody starts intentionally sabotaging them).
It is more than just removing decals, though; it is more like they welded shut the ignition and broke the key off in the door locks, and then say not our problem because we removed the decals before we broke it.
What they did is not only refusing to fix someone else's product, but they broke someone else's property because a third party made a knockoff. Attack the producer, sure, but that does not give you the right to break other people's shit maliciously.
---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
Why shouldn't it be legal for me to write software that, as one of the features, detects and deals with low quality counterfeits? The problem is merely that users didn't know this would happen, probably because it was buried in a several page pile of legalese known as an EULA. Conversely, if they had placed what I would consider a fair notice on their software, it would inconvenience their legitimate users but no one would have felt sorry for the illegitimate ones.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
Dear FTDI, fix your damn Mac drivers. I'm tired of them kernel panicking my machine and you refusing to help because I'm not the OEM buyer of the chips. KTHXBYE.
At the same time, just modifying the PID is far from "destroying" the device. If FTDI's driver did something that actually did damage to the hardware, I might be more sympathetic.
Let's say you take your car into a dealership and they flash the ECU so that the car won't start. No physical damage was done, so it's all good.
Please stand clear of the doors, por favor mantenganse alejado de las puertas
The bad chips are advertising themselves as genuine FTDI parts. The FTDI driver is making a reversible change to the EEPROM of the imposter chip so that it no longer masquerades as a genuine FTDI part.
I agree it's a borderline case, but I think in this case it's defensible.
> Regardless of whether they were permanently 'bricked' or not, your initial comment was about 'technologically ignorant users' somehow 'requiring' them to support the fake product - the driver can simply refuse to work with the device.
> Now, however, you take that 'technically ignorant user' who went out and bought say 3 x 4GB USB dongles that happened to have fake FTDI chips in them, unaware of that fact of course, who then copies his business critical data, say 3 years worth of work, onto all 3 of them (for safe keeping)... then his machine auto-updates his driver (because, again, he's a technically ignorant user) and suddenly he can't get to his data... in fact, again, technically ignorant, he tries all 3 dongles (if the first one fails, try the backup(s) right?).
> Now, he can't even take them to another machine that maybe didn't get the driver update, or a Linux machine without the proprietary FTDI driver... sure, it's 'fixable' by him say paying an IT geek (a non-technically-ignorant person) to reprogram the USB ID, but that's a cost he is incurring because of what FTDI did to his devices. And that isn't to mention that perhaps he needed that data to bid on a potential $million contract with someone, on a deadline that he's now missed because of what FTDI did to 'damage' his devices.
> He most certainly, if it can be proven that FTDI is *deliberately* breaking (even temporarily) the devices in question, has a good case for damages from FTDI.
Actually, what I said was:
Since (based on what you wrote) you misunderstood my statement, I'll explain. I make two points:
1. FTDI blundered badly (whether that bites them with legal action, we'll have to see) by having their driver reset the PIDs of counterfeited FTD232 chips to '0'.
2. Many folks posting on this thread (not you, BTW) seem to be making the argument that FTDI should somehow suck it up and support counterfeited chips with their drivers. That isn't the case, IMHO. Caveat emptor.
You pointed out that:
[emphasis added]
As TFA (and much of the discussion here) points out, the chip in question (FTD232) is a USB/Serial converter (UART) and isn't used for flash drives -- nor is the driver, so your example isn't realistic. Sure, modifying the PID will inconvenience users, but it doesn't put anyone's data at risk.
The updated driver modified the PID setting (to a value of '0') on hardware not manufactured by FTDI that was using FTDI's assigned VID/PID.
One more time: I do not think that FTDI did the right thing and I suspect it will come back to bite them in the ass. But FTDI did not damage anyone's hardware.
No, no, you're not thinking; you're just being logical. --Niels Bohr
> At the same time, just modifying the PID is far from "destroying" the device. If FTDI's driver did something that actually did damage to the hardware, I might be more sympathetic. Let's say you take your car into a dealership and they flash the ECU so that the car won't start. No physical damage was done, so it's all good.
There's the rub. For your analogy to work, it would need to read something like this:
Let's say you take your car (a Honda, for example) into a dealership and they see that it's not actually a car manufactured by them, but a car that copied their designs and sells cheap knockoffs with 'Honda' written in all the right places, and change proprietary settings in the car electronics so that the car won't start. No physical damage was done, so it's all good.
No, it's not right and it shouldn't have happened. But caveat emptor.
No, no, you're not thinking; you're just being logical. --Niels Bohr
> ... the PID can be reset. It's not a brick at all. OP is off the rails. FTDI FTW.
Great. Now let's see Joe Lunchbox or your mother ...
a) diagnose the reason that a device stopped working
b) find, download, and successfully apply a corrective patch
Geek Squad, or whoever, will charge money to fix the problem.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
One difference I've noticed between Windows and Linux...
* in Linux, plug in a USB key, or hard drive, or other USB device, and if you have the appropriate driver, "it just works". One USB "mass storage device" driver works for all USB keys and hard drives
* in Windows...
--- plug in a brand X USB key the first time, and Windows goes off onto the internet and installs a special driver
--- plug in a brand Y USB key the first time, and Windows goes off onto the internet and installs a special driver
--- plug in a brand Z USB key the first time, and Windows goes off onto the internet and installs a special driver
Come on guys, a USB key is a USB key, is a USB key. If it has some esoteric functionality, OK, otherwise don't clog up the registry and the hard drive with drivers for every USB key model that has ever been inserted into the machine.
I have a USRobotics USR5637 http://www.usr.com/en/products... USB CDC "56K" dialup modem for backup on the rare occasions my broadband goes down. It's a hardware modem that works in Windows, Mac, Linux, DOS, etc. Once I set up the kernel options in linux "it just works", without constantly downloading updates. WTF is Windows always updating?
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
For the vast majority of consumers, changing the PID to 0 is absolutely damaging the product.
It turns out you actually can use FTDI's own tools to reprogram the PID to a generic one. See here. So, in a sense, FTDI has already released a "fix". It is unfortunately a multi-step process, although I'm sure it won't be long before someone wraps that up in a small one-click executable. In fact, the counterfeiter could do that itself. (Although to do so would be to own up to the counterfeit, which would make them an instant target for FTDI's legal department.)
http://www.eevblog.com/forum/r...
driver is "testing" eeprom, fake chips fail the test
Who logs in to gdm? Not I, said the duck.
Well, that is indeed new since I posted. Glad someone went out to get actual evidence instead of just raging without it.
However, where'd that source code come from, I've wanted to look at it in the past?
you need to ask "marcan", he is the one that posted it on eevblog
Who logs in to gdm? Not I, said the duck.
My only exposure to FTDI comes from using USB or serial cables to program various kinds of two-way radios. In many cases, an FTDI chip is involved somewhere in the cable that we use to do this programming.
But even in cables sourced directly from the radio manufacturer, there is no way for us to tell whether the chip is legit or not. And if we have to obtain a cable from eBay or some other supplier, all bets are off. But it's not like we can go to a certified place to get a cable. There aren't any such places. But again, even cables direct from the factory may or may not be legit. We don't control that.
All we do know is that we're supposed to use FTDI drivers to run it.
The real answer here is to come up with an open-source or free driver that can support these chips and remove the support needs from FTDI.
Sig for hire.
They tried to get it into the linux kernel today:
https://lkml.org/lkml/2014/10/...
But I'm not upgrading it with their technology. I'm running Windows updates. I didn't even know what driver was being used. I plugged it into Windows and it worked!
If you had to go to their website and download a driver then I would agree, but that is not the case.
> Now consumers are becoming aware that there's a massive counterfeiting problem and can be better educated to ask their vendors "Hey, is my device legit?" I certainly had no idea that this was going on.
How in the hell is the consumer supposed to know that the USB chip in a device is not legally using the FTDI PID? That is the biggest load of crap I've heard. There is NO F'ING WAY the consumer can possibly know that the USB PID is wrong and that's assuming you can copyright a number which btw you can't.
FTDI READ THIS : It is against the law in the USA to intentionally damage private property. You may also be in trouble under the many computer crimes acts we have here. You have no claims to the PID as it is a number and cannot be copyrighted. You do have the right to sue in a court of law to enforce your copyrights but do not have the right to damage private property.
MICROSOFT READ THIS: You are probably subject to culpable liable for any damage as you knew the intent for the damage was called out in FTDI EULA and distributed FTDI's product anyway.
Enjoy the lawsuits and fines.
Umm... how do these forged drivers get the blessing from MS to be considered drivers that you can install without clicking through half a dozen "this is not the driver you're looking for" screens?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
After some hunting around, I figured out how to unbrick a bricked FTDI device (set the PID back to 6001) using the ft232 tool on Linux.
I wrote up the steps here for those that are interested:
http://www.minipwner.com/index...
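A read-only check for the state this comment describes, as an added example that is not part of the original post: it walks Linux sysfs and reports devices that enumerate with FTDI's vendor ID and a product ID of 0. The vendor ID 0403, the function names and the sample device tree are assumptions or constructed for the example; only the PID values 0 and 6001 come from the thread.

```python
"""Inventory FTDI-VID USB devices and flag any whose product ID reads 0000."""
import os
import tempfile

FTDI_VID = "0403"    # FTDI's USB vendor ID (assumption: not stated in the thread)
ZEROED_PID = "0000"  # PID the thread says the driver writes to detected fakes
FT232_PID = "6001"   # PID the comment above restores


def read_attr(path):
    """Return a stripped sysfs attribute, or None if it does not exist."""
    try:
        with open(path, encoding="ascii", errors="replace") as fh:
            return fh.read().strip()
    except OSError:
        return None


def scan_usb(sysfs_root="/sys/bus/usb/devices"):
    """List devices with the FTDI VID and classify them by PID only.

    The IDs cannot distinguish a genuine chip from a clone; this only
    shows which devices are already in the zeroed state.
    """
    findings = []
    if not os.path.isdir(sysfs_root):
        return findings
    for entry in sorted(os.listdir(sysfs_root)):
        dev = os.path.join(sysfs_root, entry)
        vid = read_attr(os.path.join(dev, "idVendor"))
        pid = read_attr(os.path.join(dev, "idProduct"))
        if vid is None or pid is None:
            continue  # interface nodes such as 1-1:1.0 carry no ID files
        if vid.lower() != FTDI_VID:
            continue
        pid = pid.lower()
        if pid == ZEROED_PID:
            status = "pid-zeroed"
        elif pid == FT232_PID:
            status = "ft232-id"
        else:
            status = "other-ftdi-id"
        findings.append({
            "bus_id": entry,
            "pid": pid,
            "product": read_attr(os.path.join(dev, "product")),
            "status": status,
        })
    return findings


def build_sample_tree(root):
    """Write a constructed sysfs-like tree so the scan can run offline."""
    sample = {
        "1-1": {"idVendor": "0403", "idProduct": "6001",
                "product": "FT232R USB UART"},
        "1-2": {"idVendor": "0403", "idProduct": "0000",
                "product": "FT232R USB UART"},
        "2-1": {"idVendor": "046d", "idProduct": "c077",
                "product": "USB Optical Mouse"},
        "1-1:1.0": {},  # interface directory, no idVendor/idProduct
    }
    for name, attrs in sample.items():
        os.makedirs(os.path.join(root, name))
        for attr, value in attrs.items():
            with open(os.path.join(root, name, attr), "w") as fh:
                fh.write(value + "\n")


if __name__ == "__main__":
    # Scan the live system if sysfs is present, else the constructed sample.
    results = scan_usb()
    if not results:
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_tree(tmp)
            results = scan_usb(tmp)
    for item in results:
        print("{bus_id}  {pid}  {status}  {product}".format(**item))
```

Run as part of an asset inventory before and after a driver update, a change from `ft232-id` to `pid-zeroed` on the same port identifies the units that need the ID restored.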
FTDI is headquartered in Scotland.
http://www.legislation.gov.uk/...
For the purposes of the act, the serial adaptor is a 'computer' -as it's a data storage device that is plugged into a computer.
Destroying, or recklessly damaging the device's stored data is in principle worth up to a ten year sentence.
John Doe sees that his cheap whatever stopped working all of a sudden. One of the two happens:
- It was expected that this cheap shitty something off ebay or alibaba will not last. Let's buy another one for 5$ including shipping and accessories.
- In the off-case it was acquired from somewhere it can be returned to, Doe returns it, manufacturer/distributor knows it's a cheap shit with knockoff chips so shuts up, uses the available tool to fix the ID/replaces it with a new one, instructing John to install an old driver and disable all Windows updates in order to ensure stability in the future
FTDI has made a statement concerning recent driver problems & how they are now being resolved ftdichipblog.com/?p=1053
Dahamma,
FTDI has pulled the update.. http://www.ftdichipblog.com/?p...
http://www.hawknest.com/