Slashdot Mirror

← Back to Stories (view on slashdot.org)

FTDI Removes Driver From Windows Update That Bricked Cloned Chips

Posted by Soulskill on from the righteous-backpedaling dept.

New submitter weilawei writes: Last night, FTDI, a Scottish manufacturer of USB-to-serial ICs, posted a response to the ongoing debacle over its allegedly intentional bricking of competitors' chips. In their statement, FTDI CEO Fred Dart said, "The recently release driver release has now been removed from Windows Update so that on-the-fly updating cannot occur. The driver is in the process of being updated and will be released next week. This will still uphold our stance against devices that are not genuine, but do so in a non-invasive way that means that there is no risk of end user's hardware being directly affected." This may have resulted from a discussion with Microsoft engineers about the implications of distributing potentially malicious driver software.

If you design hardware, what's your stance on this? Will you continue to integrate FTDI chips into your products? What alternatives are available to replace their functionality?

62 of 572 comments (clear)

  1. Computer Missues Act 1990 by jabuzz · · Score: 4, Informative

    They are a Scottish firm subject to U.K. Law (specifically Scottish law). As such unauthorised modification of computer materials is a criminal offence punishable with a maximum sentence of six months in jail or a 5000GBP fine.

    Stopping their device driver working with clone/counterfeit chips is fine. Making modifications to data help on such chips is outright illegal.

    1. Re:Computer Missues Act 1990 by queazocotal · · Score: 2

      Ten years, if it's decided to be more serious and is handed over to thehigher courts to prosecute.

    2. Re:Computer Missues Act 1990 by khasim · · Score: 5, Insightful

      And even without the law it seems fairly simple.

      You do not INTENTIONALLY break equipment that you do not own. You do not do that. No matter how you feel about that equipment. Particularly when the person who now owns said equipment has no idea that there is a problem.

      And I'd be wary of any company that could not understand that.

    3. Re:Computer Missues Act 1990 by g0tai · · Score: 2, Interesting

      Why would FTDI have to ensure their driver doesn't break chips that aren't theirs? There's no agreement, licensing, or goodwill.

      The cloners took their chances with the FTDI PID:VID because they were too lazy to buy their own and make their own drivers, or license. Simply trying to make more money because they could con people into thinking their chips were genuine when they were not, *OR* simply getting out of making their own drivers and submitting to microsoft for windows update (all of which costs).

      Basically, it's theft from the cloners. FTDI put a stop to it as trying to raise copyright infringement in china is laughable and next to impossible as no-one over there cares.

    4. Re:Computer Missues Act 1990 by jabuzz · · Score: 5, Insightful

      Two wrongs don't make a right, was hopefully something that your parents taught you when you where quite small.

      The issue is that the FTDI driver is deliberately reprogramming a chip that is not theirs and for which they have no authorisation to do so. This is an unauthorised modification and illegal.

      You cannot stick something in a license agreement that allows you to break the law, because the courts will hold that part of the license agreement null and void.

      As many many people have said the right and legal thing was to simply stop working and post a message to the user that the chip is a counterfeit/clone.

    5. Re:Computer Missues Act 1990 by cdrudge · · Score: 5, Informative

      Why would FTDI have to ensure their driver doesn't break chips that aren't theirs? There's no agreement, licensing, or goodwill.

      FTDI doesn't have to ensure that their driver doesn't break chips. It sounds however that FTDI went out of their way to detect whether the chip was a counterfeit or not, and if it was, specifically write to it to disable it when it could have just as easily done nothing (as disabling the driver from functioning).

    6. Re:Computer Missues Act 1990 by Racemaniac · · Score: 2

      but you forgot, it's authorized. they clearly stated it in their EULA!

      what do you mean you didn't read it?

    7. Re:Computer Missues Act 1990 by g0tai · · Score: 4, Interesting

      They didn't disable it though, they simply moved the PID off their allocated range.

      The chip still works, just not with FTDI's drivers. Nothing was broken.

    8. Re:Computer Missues Act 1990 by g0tai · · Score: 2, Insightful

      Again (as per previous posts) :) FTDI didn't break anything - they moved the USB ID off their allocated(and payed for/licensed range) and that was that

      The chip still works. However, not with FTDI's drivers. this would be the case if the chip was blocked by their drivers or the device ID was changed.

      For example linux has a patch that allows the chips to work as a PID of 0. This is the driver that's been updated to recognise it. FTDI have no such obligation in their drivers

    9. Re:Computer Missues Act 1990 by itzly · · Score: 2

      If the chips no longer work as designed, they are not "fine".

    10. Re:Computer Missues Act 1990 by Andy+Dodd · · Score: 2, Informative

      "The issue is that the FTDI driver is deliberately reprogramming a chip that is not theirs"

      Except they're only doing this to their USB VID/PID - which IS THEIRS.

      If you use FTDI's VID/PID, you're trying to pass yourself off as an FTDI chip, and it is YOUR FAULT ALONE if an operation that does not cause issues on genuine FTDI hardware does bad things to your own.

      (If you look at the decompiled code, the driver attempts to write the EEPROM on all hardware. However, genuine FTDI hardware won't actually START the write operation until the driver does "additional stuff" - but clones will immediately write the new EEPROM value.)

      --
      retrorocket.o not found, launch anyway?
    11. Re:Computer Missues Act 1990 by AmiMoJo · · Score: 2

      The driver writes a value into EEPROM that sets the device's PID to zero, after which it doesn't work. The write fails on real hardware because the EEPROM doesn't accept writes to even addresses, only odd ones. Fake hardware accepts the write.

      On the surface it looks malicious. FTDI's statement was all about the merits of genuine ICs, not "oops we bricked some fake devices, sorry".

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    12. Re:Computer Missues Act 1990 by ledow · · Score: 2

      "As many many people have said the right and legal thing was to simply stop working and post a message to the user that the chip is a counterfeit/clone."

      As lots of OBD2 software does if you don't use a genuine ELM327 chip.

    13. Re:Computer Missues Act 1990 by Dredd13 · · Score: 2

      No, they moved it to "0" ie, unassigned.

    14. Re:Computer Missues Act 1990 by Holi · · Score: 2

      Well since no OS will mount a USB device with an ID 0 the chips and devices no longer work.

      --
      Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
    15. Re:Computer Missues Act 1990 by Anonymous Coward · · Score: 3, Informative

      And that argument would absolve them if the bricking was accidental due to the VID/PID issue. Unfortunately their subsequent blog post on the topic has them admit it was intentional. This makes their actions illegal.

    16. Re:Computer Missues Act 1990 by g0tai · · Score: 2

      But the USB PIDs are explicitly licensed, so does that not negate it in this instance?

    17. Re:Computer Missues Act 1990 by TheGratefulNet · · Score: 5, Informative

      just yesterday, there was a linux kernel patch (on the usb drivers mailing list) that now allows a 0000 pid for ftdi devices.

      also, there was a tool by mark lord that allows you to write back any pid value you want, for example, when I ran it, I got this output (and it 'fixed' the chip again, too):

      % ./ft232r_prog --old-pid 0x0000 --new-pid 0x6001

      ft232r_prog: version 1.24, by Mark Lord.
                    eeprom_size = 128
                        vendor_id = 0x0403
                      product_id = 0x0000
                  self_powered = 0
                remote_wakeup = 1
      suspend_pull_downs = 0
                max_bus_power = 90 mA
                  manufacturer = FTDI
                            product = FT232R USB UART
                        serialnum = (elided...)
            high_current_io = 0
          load_d2xx_driver = 0
                  txd_inverted = 0
                  rxd_inverted = 0
                  rts_inverted = 0
                  cts_inverted = 0
                  dtr_inverted = 0
                  dsr_inverted = 0
                  dcd_inverted = 0
                    ri_inverted = 0
                            cbus[0] = TxLED
                            cbus[1] = RxLED
                            cbus[2] = TxDEN
                            cbus[3] = PwrEn
                            cbus[4] = Sleep
      Rewriting eeprom with new contents.

      --

      --
      "It is now safe to switch off your computer."
    18. Re:Computer Missues Act 1990 by tshawkins · · Score: 5, Insightful

      You do know that the routine inside thier drivers as assertained from the symbol tables in the driver code was called "BrickClonedDevices" I think that is a smoking gun, and shows intent. How much chance does 99% of the population have of recovering the functionality of a bricked device, even if pid 0 is rewritable. Its like telling a comsumer that a phone that has scrambled its eeprom is still perfectly ok, all they have to Do is buy a JTAG interface, hook it up, learn several years of embedded systems knowledge. But its not bricked is it. For all intentive purposes it is Bricked as far as a consumer is concerned who has never heard of FTDI.

    19. Re:Computer Missues Act 1990 by QuasiSteve · · Score: 3, Insightful

      Except they're only doing this to their USB VID/PID - which IS THEIRS.

      That may be a matter of interpretation.

      They are changing a number which is theirs (not sure if they'd have IP law on their side, or only the USB association's 'hear, hear!').

      However, this change occurs by actually modifying EPROM states, said EPROM most not being theirs.

      Of course then there's the bit about them not knowing that because it identifies itself as being theirs, thus it being the counterfeiters' fault for not counterfeiting it well enough to match the genuine article when sent this particular set of instructions, and the counter-issue that there doesn't appear to be any good reason to use those instructions except for targeting counterfeits, but that plain warnings don't seem to stem the tide of counterfeits, and whether counterfeits really are as big of an issue in the markets where they get most actively used anyway, and you've got a bit of a clusterfornication.

    20. Re:Computer Missues Act 1990 by Anonymous Coward · · Score: 2

      The legal system takes a very dim view to people who feign ignorance. If that EEPROM write instruction does nothing to the original chips, then there's no reason for it to be in the driver other than to brick the clones. That is intentional, not accidental. FTDI has been wronged, but that does not give them the right to retaliate, and certainly not to retaliate against people who have no idea they have counterfeit hardware. Bringing criminals to justice is exclusively the job of law enforcement, not of some company gone vigilante. This isn't the movies.

    21. Re:Computer Missues Act 1990 by Anonymous Coward · · Score: 2, Informative

      However, the counterfeit chips *chose* to use FTDI drivers by using FTDI's licenced (and payed for PID/VID). That's not FTDI's problem.

      Actually, it's not theirs if it's a counterfeit chip. You can't use those numbers when you make a certified USB product, but this very likely wasn't a certified USB product, it just happened to work like a USB device if you plug it into a USB port. FTDI may have had an agreement with whoever owns the USB IP and keeps track of those numbers, but outside that agreement they have no rights to it. The makers of the counterfeit chips very likely have no contract with whoever licenses USB so they don't break any terms if they use a number already used by someone else.

      And FTDI have moved those chips off their USB id.

      The chips and device still work, just not with FTDI's drivers. Nothing was 'broken'.

      No, that was exactly the problem. They rewrote the PID/VID to 0, which makes the device inaccessible because that's an invalid ID.

    22. Re:Computer Missues Act 1990 by gweihir · · Score: 5, Informative

      Actually, it is not. "Their" USB VID/PID can legally be used by anybody, it just means that the USB logo may not be used. AFAIK (and just checked on some FT232 I have), there is no USB logo on these chips.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    23. Re:Computer Missues Act 1990 by gweihir · · Score: 2

      They are not. What is licensed is the USB logo and that license has a condition about these IDs. As soon as you do not use the logo, you can use whatever IDs you want on your chips.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    24. Re:Computer Missues Act 1990 by bill_mcgonigle · · Score: 4, Insightful

      Except they're only doing this to their USB VID/PID - which IS THEIRS.

      No. They're doing it to property that other people own. Just because that property advertises a fraudulent USB ID does not transfer ownership of that property to FTDI. They are intentionally breaking other peoples' property and even crowing about it.

      FTDI is taking an end-justifies-the means stance, and implementing a vigilante approach. It's drinking the imaginary property Kool-Aid that gets people drunk on ideas like this, and they seem to lose all judgment.

      "If I want to deprive you of your watch, I shall certainly have to fight for it; if I want to buy your watch, I shall have to pay you for it; and if I want a gift, I shall have to plead for it; and, according to the means I employ, the watch is stolen property, my own property, or a donation. Thus we see three different results from three different means. Will you still say that means do not matter?" - MK Gandhi

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    25. Re:Computer Missues Act 1990 by ChumpusRex2003 · · Score: 3, Insightful

      Why would FTDI have to ensure their driver doesn't break chips that aren't theirs? There's no agreement, licensing, or goodwill. The problem is that this was not accidental. The FTDI anti-clone code in the driver is very sophisticated and actually performs a "preimage" cryptographic attack, to ensure that the clone chip doesn't detect the invalid configuration and auto-reset to factory defaults. Deliberately and with premeditation setting out to "damage" (which in legal terms includes temporary malfunction or impaired function) hardware is not legal without a court order or similar legal basis. The 2nd issue, is that of ensuring that they do not inconvenience wholly innocent parties. They failed at this. The FTDI anti-clone code will also deactivate genuine FTDI chips which have been configured with an external configuration memory in certain circumstances. This has been reported by a company which build development boards with numerous FTDI chips in different configurations; they found that the chip with an external EEPROM would get corrupted by new driver, even though the components were obtained from an authorized distributor.

  2. Must have been a fun conference call... by fuzzyfuzzyfungus · · Score: 4, Insightful

    I can only imagine that the lucky guy who picked up the call from Redmond about 'so, we understand that you...made a few changes...to the behavior of your WHQL drivers that frankly don't make Windows Update look very good...' got quite an earful.

    Even if MS thinks FTDI is on the crusade of the righteous, it certainly isn't to their advantage to have Windows Update involuntarily pulled into the fiasco.

    1. Re:Must have been a fun conference call... by Anonymous Coward · · Score: 2, Interesting

      At least this was a nice test to see if Microsoft cares about the quality of the WHQL driver pool.

  3. Alternatives? Same problem.. by Daemonik · · Score: 4, Insightful

    FTDI's chip is popular, and heavily counterfeited. Right or wrong they felt they had to go to these lengths to protect their business, and it has had the effect of bringing counterfeited chips into the public consciousness.

    The problem however, is that switching to another chipset won't eliminate the counterfeiters and the people who slip these chips into the supply chain to save a few bucks.

    So the better question is how can we improve the system to ensure that counterfeit chips aren't being secretly swapped into our products.

    1. Re:Alternatives? Same problem.. by queazocotal · · Score: 2

      It would have been quite reasonable to - on plug-in, put up a 'this device is using a counterfeit chip'. Banner.
      (though if the chips merely reimplement the API -and do not copy the chip, and are not sold as made by the company - it is questionable if it's really counterfeit)

    2. Re:Alternatives? Same problem.. by JesseMcDonald · · Score: 3, Interesting

      They use FTDI's USB VID/PID - this is representing yourself as an FTDI chip.

      Only to the computer, which doesn't really count. These IDs could reasonably be considered part of the interface to the hardware; exceptions have been granted for both copyright and trademarks in the past when the infringement was required for the sake of compatibility. The real question is whether the buyer was misled to believe that these chips were manufactured by FTDI. It seems that this was indeed the case, but that's a separate issue from the USB VID/PID.

      --
      "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
  4. Sorry They're Changing by Dredd13 · · Score: 4, Interesting

    If I was a hardware manufacturer, this would make me MORE likely to use FTDI chips. It means I have greater confidence that what I'm getting is "real", because I know that they are actively trying to make counterfeiting their product more difficult.

    1. Re:Sorry They're Changing by Dredd13 · · Score: 2

      *My* company doesn't go under in that model, because my company in that model is more careful about where I buy my chips from, getting them directly from FTDI for example, to ensure the provenance of the hardware I'm selling, rather than trying to find lots of them on alibaba.

      When you explain to accounting that we lose ALL the money if they use the fake chips, versus a small amount of money by using the real, most accountants get it.

      And - yes - there are companies who will randomly sample chips from lots of 1000, 10,000, whatever, and open them up to verify that "the five units we sampled in this lot at random" were legitimate. It's part of their COGS calculations.

    2. Re:Sorry They're Changing by flopsquad · · Score: 2

      At first I knee-jerk disagreed, because of my personal feelings about their crazy "it's ok to break other peoples' stuff" mentality. But looking at it from a HW mfr perspective, you're absolutely right.

      I know that my supplier is tough on counterfeits, check. They're already top in quality, check. And also, I will never incur support costs in dealing with angry end-users complaining about bricked chips. My competitors might, if they're cheapos, and that's a competitive advantage. The aggregate cost to cleanup their mess could even outweigh the few cents they saved going with a counterfeit.

      --
      Nothing posted to /. has ever been legal advice, including this.
    3. Re:Sorry They're Changing by Dredd13 · · Score: 2

      If you don't understand why you'd care about ensuring that you're using quality components rather than cheaply made knock-off fakes, remind me never to put you in charge of my supply chain.

    4. Re:Sorry They're Changing by Dredd13 · · Score: 2

      If that's happening, I sue the bejeezus out of the factory worker. Or I decide "the risk isn't worth it", and control my own manufacturing.

      There are solutions to all these problems. They may cost more up-front, but that's -- again -- the market normalizing itself as it weeds out the cancer of fraud.

    5. Re:Sorry They're Changing by Qzukk · · Score: 2

      Well obviously you can, you just need to install this driver.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
  5. Can the counterfeit chip be detected? by jones_supa · · Score: 2

    Is there a way to detect a counterfeit chip without bricking it? If that's the case, they could have just added a System Log message "FTDI device attached to system is not genuine! Driver will not start." Then the driver would return an error and Control Panel would show a yellow exclamation mark for the device.

  6. Re:Counterfeiters not competitors by Dredd13 · · Score: 2, Interesting

    When you send your fake Rolex (that you think is real) into Rolex for service, they don't send it back to you, they confiscate it as a counterfeit and it's destroyed. I went through this myself with a fake Mophie battery pack. They sent me back a photograph of the giant piles of counterfeit batteries that they confiscate because they came in for warranty work, and they weren't real.

    This is functionally no different from that.

  7. Not a chance by Anonymous Coward · · Score: 2, Informative

    My involvement with hardware is currently only as a hobbyist, but there's a hardware project I might get on soon at work. FTDI has shown that it is willing to punish both direct and indirect customers for a wrong committed by a third party, and has not even remotely recanted that view. Management apparently thinks that they merely went too far when the world is shouting at them that going in that direction at all is unacceptable.

    The obvious alternatives for USB-to-serial are:

    1) Prolific 220x
    2) Build a soft UART with a suitable microcontroller (PIC, AVR, Cortex-M0, whatever); this is apparently how the fakes work anyhow. Conform to USB CDC and most operating systems should have a built-in driver.

  8. Yes we're going to keep using FTDI chips by gweeks · · Score: 3, Interesting

    We don't use any of the serial only chips, but on the higher end with JTAG and SPI the FTDI parts work great and aren't too expensive. If any "clone" chips get into our supply chain we would be very pissed at whoever did it. We specify actual FDTI parts for a reason. The "clones" have very hit or miss quality. We don't use them under windows either.

    1. Re:Yes we're going to keep using FTDI chips by __aajfby9338 · · Score: 4, Insightful

      If FTDI provided a standalone counterfeit detection tool that manufacturers could use at final test or just as a spot check, then that could be helpful for conscientious designers/manufacturers like you or me who might find fake chips in our supply chain and then be really angry about that. We want to discover the problem before our finished goods end up in our customer's hands! It wouldn't address the problem of manufacturers who knowingly use fake parts or who just don't care, but it would be a step in the right direction. Deliberately and silently borking the fake chip after it's already in the end user's hands potentially causes a support burden for legitimate manufacturers of products using FTDI chips, without giving those manufacturers the information they need to constructively address the problem.

    2. Re:Yes we're going to keep using FTDI chips by j-beda · · Score: 2

      We don't use any of the serial only chips, but on the higher end with JTAG and SPI the FTDI parts work great and aren't too expensive. If any "clone" chips get into our supply chain we would be very pissed at whoever did it. We specify actual FDTI parts for a reason. The "clones" have very hit or miss quality. We don't use them under windows either.

      I suspect however that if FDTI fakes did make it into your supply chain, you would much prefer any FDTI software updates to toss up a "we won't work with this device" message rather than making the device not work with any software. I don't know that I would continue to use a supplier with this type of business practice if there were any viable alternatives.

  9. Re:Counterfeiters not competitors by QuasiSteve · · Score: 3, Insightful

    When Rolex sneaks into your house because somewhere in your apartment lease you agreed that trusted maintenance people could do so to make sure that everything is on the up and up, finds your Rolex to be a fake, and takes a winding gear out... would you consider that to also be functionally no different?

    Because that's more akin to what has happened.

    Windows users allow Windows (by default) to let WHQL drivers to be updated silently. FTDI made use of this mechanism to update their driver. Their driver, when called upon to communicate with the device, then sends it some data which either does nothing (genuine) or reversibly disables it (if counterfeit).

  10. Stupid is as stupid does by eclectro · · Score: 4, Interesting

    Any BOM that passes through my hands will get FTDI crossed off. I'm sorry they have a counterfeit problem. They need to improve anti counterfeiting measures instead of inflicting collateral damage. Their abrupt decision is smelly no matter how you look at it.

    --
    Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
  11. It's in the license! by Pedrito · · Score: 2

    The FTDI driver license states "The license only allows use of the Software with, and the Software will only work with Genuine FTDI Components. Use of the Software as a driver for a component that is not a Genuine FTDI Component may irretrievably damage that component. It is your responsibility to make sure that all chips you use the Software as a driver for are Genuine FTDI Components." Surely they neglected to share this with their lawyer. You can't punish users because the manufacturers are breaking the law. How is my mother going to know if she has a genuine FTDI chip or not? That's just asinine.

  12. Re:Counterfeiters not competitors by fuzzyfuzzyfungus · · Score: 3, Insightful

    That isn't actually so clear:

    According to the die shots, the clone chips' implementation is more or less entirely different from the FTDI implementation. Intended to be pin-compatible, and exhibit the same behavior; but totally different silicon, not a cut and paste job.

    The clones that are then labelled and sold as 'FTDI' are, certainly, in all kinds of violation of trademark law; but what of any that are just blob-topped or generically packaged and not represented as being actual FTDI? Not something FTDI likes, or is obliged to provide driver support for; but neither was the Compaq 'IBM PC compatible' BIOS.

    Even if the (typically very harsh, though widely unenforced) laws regarding trademark infringing goods do actually allow FTDI to brick them in the field, they haven't actually established that a given chip is a counterfeit, rather than a mere clone, before bricking it. Unless they wish to claim that "0x0403" is entitled for trademark protection, the driver is hardly in a position to distinguish between the two.

  13. Re:Counterfeiters not competitors by QuasiSteve · · Score: 2

    I'm quite certain that most people wouldn't even know that they invited anybody into their house - as it is, they're technically already in the house (FTDI's drivers come with Windows). The invitation would be with the update - but as the occupant, I'm even unaware of this invitation. In this analogy, I trust my landlord, and my landlord trusts the maintenance people. The maintenance people broke that trust, no matter how well-intentioned their actions.

    As far as the winding gear bit - FTDI merely cause a re-write of the USB PID to 0000. Nothing that can't be restored, just as a winding gear can be put back into place. It's not so much destruction as it is disabling.

  14. From another OEM fighting couterfeit copies by twdorris · · Score: 4, Insightful

    We had a similar situation come up with one of our older products. People copied our initial hardware designs some 12 years ago, built (crappy) knock offs and sold them as their own along with copies of our chips to go along with it. The black market was clearly going to run us out of business and I despised the idea of having to basically compete with ourselves just to keep handing new features over to leeches. It was infuriating to the point that I had seriously considered just shutting the business down and moving on to other things.

    Instead, we spent a LOT of time redesigning our stuff to prevent anyone from (reasonably) being able to do that again. We basically wasted an entire year just dealing with counterfeit issue rather than improving our core product.

    Luckily it paid off and we were able to shut that whole black market segment down. But at one point we had to consider the same option FTDI did. We gave thought to effectively bricking devices that we were able to identify as counterfeit or, worse, someone would send us one of these counterfeit packages asking us for support or service on the item. We had to basically return to them a chip and adapter we knew, without a doubt, was a bogus copy of our stuff.

    It was hard, but we knew full well we could not possibly damage or keep something they had purchased through what they considered legitimate channels. FTDI should have realized this as well. They royally screwed up on this one.

    It's a little strange, though, because if you buy something somewhere and it ends up being a stolen item, you're obligated to give it back to the original owner. I mean the police trail leads to your doorstep, you're out the item you bought whether you knew it was stolen or not. I guess the same concept doesn't applied to IP somehow. I'm not even sure how it would. I guess IP isn't really "property" after all.

  15. Could have been a show-stopper by kheldan · · Score: 2

    I work somewhere (a large chip manufacturer) where we use USB serial adapter cables all over our testing lab to interface things like thermal controllers. Since these are COTS items we have no control over what chip is in them. If this update had bricked our entire lab, it would have been a disaster and a total show-stopper for our testing schedule until we located (and understood!) the problem and fixed it. Personally I think it was a childish way for them to handle this situation and I'm glad they saw reason and yanked it back before it created a total disaster.

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
  16. An alternative by pjrc · · Score: 5, Insightful

    Today Atmel, Microchip and others make inexpensive microcontrollers with native USB peripherals. The Atmel "8u2" chip, for example, is less expensive than even most of the FTDI clones, and certainly a LOT less than a genuine FTDI chip.

    For years, I've published a very simple and easy-to-use USB code for those chips.

    http://www.pjrc.com/teensy/usb...

    I also publish a signed INF installer that works with ALL USB Serial based on this standard protocol (called Communications Device Class, Abstract Control Model, or CDC-ACM). All 3 operating systems have the necessary driver built in. Mac OS-X and Linux load it automatically. Windows needs the user to add a INF.

    http://www.pjrc.com/teensy/ser...

    Sadly, the CDC-ACM driver in Windows (called USBSER.SYS) is buggy. About a year ago, I sent Microsoft this reproducible bug report.

    https://www.youtube.com/watch?...

    In a follow up email a few months ago, they were supposedly testing a fix. I'm hopeful that Windows 10 may be the first version of Windows to ever ship with a good quality USB Serial driver (as Linux has done for many years, and Apple as done since releasing Lion a few years ago).

    --
    PJRC: Electronic Projects, 8051 Microcontroller Tools
    1. Re:An alternative by fnj · · Score: 3, Insightful

      You rule for sure, Paul. The Teensy line is just amazing.

  17. Re:No FDTI by Z00L00K · · Score: 2

    I don't have a problem with FTDI technology itself, the problem is with the hardware clones.

    But FTDI could have taken a different route and instead show an annoying pop-up or only allow 300bps on counterfeit chips. That would work until the counterfeit chip makers goes so far in their work to create a clone that it would cost as much as the real thing at which time it's useless.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  18. pardon / execution by McFly777 · · Score: 2

    The comma might recieve a pardon, but the first period and capital B on "But" will be tried, found guilty, and executed immediately.

    --

    McFly777
    - - -
    "What do people mean when they say the computer went down on them?" -Marilyn Pittman
  19. LKML response by Anonymous Coward · · Score: 5, Interesting

    FTDI tried to also get the "brick-patch" to Linux, but Greg Kroah-Hartman blocked it with this response:

    Funny patch, you should have saved it for April 1, otherwise people might have actually taken this seriously :)

    Patches as performance art, now I've seen everything...

    greg k-h

    1. Re:LKML response by Megane · · Score: 2

      Here is the original message. It has the comment "/* Attempt to set Vendor ID to 0 */". So yeah, they are intentionally fucking with a chip when it fails to validate. And in addition to fucking over buyers of equipment where the manufacturer may have unknowingly been given counterfeit parts, they've also told the cloners exactly what to change for their next run of chips.

      Wow, just WTF. It's one thing for them to claim some loss, no matter how slight, from people leeching off of their Windows driver. But considering that the clones do not copy FTDI silicon (have ANY of them been found to do so?), and they have absolutely no claim to ownership of the Linux kernel driver, this is just greed at its worst. Also, not all clones have counterfeit labeling on the chip and can thus be considered fair competition. I wouldn't be surprised if some are even in package types that FTDI doesn't sell. Their driver may see their 16-bit VID number on the chip (you can't trademark a number, that's why Intel renamed the 586 as "Pentium"), but it can't see whether FTDI is etched on the chip or not.

      Or maybe someone can point me to something that says you can patent a register layout and chip pinout. (essentially the hardware equivalent of software APIs) Except again, there is no way that the driver can even know that the chip uses the same pinout.

      Now maybe if they had the chip return the text "FTDI" (aka actual trademark-able text) and checked for that along with some other kind of "real chip" test... but that still won't justify fucking with the chip. Just refuse to run is all you need.

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
    2. Re:LKML response by Megane · · Score: 2

      I thought I posted this yesterday, but maybe I forgot to hit submit: the original message was apparently intended as a joke, but was based on the actual disassembled code.

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
  20. My prediction Short term effect on FTDI by jockm · · Score: 4, Interesting

    Yesterday a number of my clients called me to say they wanted me to design out the FTDI FT232R from current designs and replace it with an alternative (I settled on the Microchip MCP2200). Today, after this news, I called each of them to explain FTDI's change in policy and see if they still wanted to make this change. All of them said yes.

    The feedback was essentially this: FTDI's actions left a bad taste in their mouth and they didn't appreciate this action being taken without any real attempt to notify resellers and manufacturers; and now that they know the alternate chip I proposed was about half the price as FTDI's offering they are happy to change. Now none of these people are high volume manufacturers, so it will unclear if FTDI will even notice.

    The reason I have found for most clients wanting FTDI is confidence in the brand more than anything else. This move will affect it a little, but people's memories are short, and FTDI responded quickly enough that they won't suffer too much damage. My prediction is that FTDI will take a dip in sales for a quarter , and then things will return to more or less normal; but companies like Microchip will likely see an uptick, because manufacturers more aware of the alternatives.

    --

    What do you know I wrote a novel
  21. I knew it would backfire on them... by QuietLagoon · · Score: 2
    I knew this would backfire on them.

    .
    You can't go destroying hardware owned by consumers, no matter what the reason.

  22. Re:No FDTI by Khyber · · Score: 2

    You very clearly didn't see the die exposure article.

    The counterfeit chip is in fact WAY more complex. It's not off the shelf, so to speak. They custom-modified. It's obvious once you start looking at the physical silicon.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  23. The code has no legitimate use, does nothing on FT by raymorris · · Score: 3, Insightful

    They explicitly wrote code that intentionally bricks the connected device. It takes advantage of a bug/ implementation detail such that it does NOTHING on a FTDI device. Because it doesn't do anything at all on a genuine FTDI device, there is no innocent reason for FTDI to put it in their driver.

    If the code did something useful on an FTDI device but broke counterfeit devices, that could be accidental. That's not the case, though - the code never does anything good, it only breaks things.

  24. Re:Counterfeiters not competitors by fuzzyfuzzyfungus · · Score: 2

    FTDI didn't choose that specific value(though, thinking back to Intel's amusing choice of '8086' as their PCI vendor ID, you probably can choose a VID if you push hard enough or have a cute reason); but there are still some commonalities(though arguably some differences as well):

    The USB spec (and, probably more importantly, USB as implemented on basically all commercially relevant systems) supports essentially two mechanisms for telling the OS what driver your device requires:

    If supported by a generic class driver; your device descriptors include a bDeviceClass field containing a defined USB device class code; but isn't 0xFF(which is valid; but means 'vendor defined'), a bDeviceSubClass field with a valid subclass code, and a bDeviceProtocol field with a valid protocol code.

    If your device is supported by a specific driver(or one of the hybrid arrangements, not uncommon, where a versatile device class like USB HID will be used to do most of the low-level work; but a vendor-specific driver will implement whatever device specific behavior is offered on top of that), then you need to supply the correct VID/PID combination.

    Now, let me be clear, I see absolutely no reason why FTDI should need to provide driver support for clones, so even if Windows(correctly, as an OS) responds to a USB device with an FTDI VID/PID by loading the FTDI driver, it is fully within their rights to have a driver that detects and ignores non-FTDI parts.

    However, (and this is where the analogy to consoles and trademarked-but-technically-necessary really comes in), the USB spec does not offer a 'compatible with VID/PID' device description option. Either you specify the appropriate generic class, or you specify a VID/PID and a vendor-specific class. There is no other way (barring atypical configurations and kernel hacker tricks that aren't of much use in the wider world) to do it.

    If you want a Game Boy or whatever to load your cartridge, you need that logo to be present at the appropriate address. If you want to specify "I need the driver that supports device X", you have to supply device X's VID/PID. There is no 'compatible with device X; but actually made by me' mechanism.

    If you are buying fake FTDI gear to take advantage of FTDI's driver devs, then I have no pity. Not FTDI's problem to support you. However, there are 3rd-party FTDI-device-supporting drivers (notably on Linux and BSD, maybe somebody has ported one to Windows or OSX, maybe you plan to implement your own, whatever) that it would be perfectly legitimate for an FTDI-compatible device to request, and (so long as it doesn't involve copyright or patent infringement, or fraudulent misrepresentation) there are perfectly licit non-FTDI chips that implement FTDI-compatible behavior. The USB-IF certainly doesn't have enough power over short hex values to stop that; and I'm not convinced that we would want them to.

    A large number of now standard or semistandard devices, protocols, and command sets we don't even think about today started life as dirty clones of the more popular brand: The PC BIOS, the (still spoken, in extended form, by a moderately alarming number of things) Hayes command set, the 16550 UART (originally a National Semiconductor model number; now register compatibility with those is practically a standard in itself, thanks to about a zillion clones), the NE1000/2000-compatible NICs that helped make ethernet ubiquitous and cheap...

    Again, FTDI has every right to make the use of their drivers contingent on the use of their ICs (or some other licensing terms, if that amuses them). Also, non-FTDI parts being sold (with varying degrees of sophistication, from pure nonsense to nearly perfect fakes) as FTDI is a bad thing. For FTDI, for the buyer being defrauded, for the electronics supply chain generally.

    However, we would not be well served to be blinded to the (generally desirable and helpful, as much as incumbents dislike them) history of 3rd-party in