FTDI Driver Breaks Hardware Again

janoc writes: It seems that the infamous FTDI driver that got famous by intentionally bricking counterfeit chips [NOTE: that driver was later removed] has got a new update that injects garbage data ('NON GENUINE DEVICE FOUND!') into the serial data. This was apparently going on for a while, but only now is the driver being pushed as an automatic update through Windows Update, thus many more people stand to be affected by this.

Let's hope that nobody dies in an industrial accident when a tech connects their cheap USB-to-serial cable to a piece of machinery and the controller misinterprets the garbage data.

First PoNON GENUINE DEVICE FOUND

...

Supply chains

Thanks to the reality of supply chains, companies intending to buy the real deal can accidentally buy the knockoffs. Anyone willing to do this(or their previous actions, like bricking devices) is someone I intend to never purchase from, real deal or not.

There are now plenty of competitors to FTDI. Don't buy FTDI- even if you think you're buying the real deal, reality can intervene.

Re:Supply chains

[willaien]

MCP2221, CH340G, etc. Just see:

http://www.eevblog.com/forum/r...

Re:Supply chains

[willaien]

And why is this the end-user's fault, again? Why do they feel that they need to cause it to malfunction or (in the case of a year ago), brick the device with an official driver from microsoft that gets pushed on the end user without them asking for it (or agreeing to their onerous T&C)?

Why punish the end user who doesn't even know what FTDI is or what a USB chipset even does for buying a product?

Re:Supply chains

But you sure as fuck won't be sure you're getting ACTUAL FTDI components. FTDI WILL NOT GUARANTEE that a chip is real unless it is purchased directly from them. This includes chips purchased THROUGH THEIR DISTRIBUTORS.

They can't police their own fucking distributors, dude. Get a fucking grip.

Re: Supply chains

[guruevi]

The problem I've found with a LOT of USB things even the FTDI ones is that they're only putting out a stepped up 12V or even just 5V while classically the serial port was a bit above 12V.

Although the spec allows for +3V/-3V at the lowest end, most stuff just won't work well. Also the stepped up voltages seem to have a lot of noise and variation, again something the spec allows but "back in the day" few allowed for those.

Also, the USB data bus frequency leaks noise into the serial bus portion, sometimes visibly on a scope or definitely noticeable on a spectrum analyzer. The problem probably being poor design and shielding on modern computers. I've also had some issues with ground loops but that is only in very specific circumstances.

For critical applications, I've found the Ethernet serial servers are more reliable. Even running commands through an Arduino will do better in a pinch. But those cheap USB adapters are good enough for setting up a switch or uploading a firmware when the device is out of order anyway but are not intended to be permanently attached.

Microsoft's responsibility and WHQL

What is Microsoft's responsibility here?

They are pushing out drivers that bricks hardware through their Windows Update service?

How the hell did this pass their WHQL?

Re: Microsoft's responsibility and WHQL

[ZorinLynx]

Yep, Microsoft should revoke WHQL on future driver versions and refuse to certify FTDI drivers in the future.

This is a blatant violation of trust; end users have no way to know if the FTDI chips in their devices are genuine.

Re:Microsoft's responsibility and WHQL

[FatdogHaiku]

I would imagine Windows Hardware Quality Labs tests the drivers against the hardware they are made to support. Requiring anyone to test real drivers against fake hardware would be a Gordian knot as new knockoff distributors appear and then fade away when someone starts trying to find them. I'm sure the same factory would produce the same knockoff and a "new" distributor would get it into the supply chains.

All that being said, I learned long ago not to let Windows update my hardware drivers, any hardware drivers. I just fixed one the other day where suddenly a favorite resolution on an LCD TV was missing. It took a bit to figure out the latest graphics driver (Intel via Windows update) installed a management program limiting display resolutions. Removed that program (and hid the update) and everything was back to normal.

Of course, in this case it would not matter where you got the update, if your device is counterfeit it gets tagged.

Re:Microsoft's responsibility and WHQL

[OzPeter]

If Whipslash is reading this - one thing that would be a REALLY interesting addition to Slashdot would be to go find someone from the company to speak to these issues, if possible. Something of an immediate Q&A to either clear up the news or confirm that the situation is as crummy as it appears.

I don't think that /. will every be able to work like that. Compare /. with Ars. Ars actually employs genuine technical minded journalists and produce long form stories of their own. When appropriate they do reach out to all parties to get comment from both sides. /. on th either hand is really just a news aggregator with a fancy commenting system. If anything it should be up to the producers of the original story to looking for comment.

Re: Microsoft's responsibility and WHQL

Yep, Microsoft should revoke WHQL on future driver versions and refuse to certify FTDI drivers in the future.

This is a blatant violation of trust; end users have no way to know if the FTDI chips in their devices are genuine.

This would be how I'd handle it.
1) After you login you see a message from windows. Automatic update of FTDI serial driver has failed. FTDI serial driver reports non genuine hardware. Warning the use of counterfeit hardware may cause system instability or other undesirable behaviour. Wouuld you like to disable the previous driver, or continue using it and mark it as non upgradeable? A non upgradeable driver may have bugs and other issues that could, in time, expose your system to threats. Long term use is not recommended.

Re:Keeping me happy for disabling auto-updates

[ArmoredDragon]

I don't know why this is happening to USB to Serial drivers, of all things, because even worse shit happens with Prolific chipsets. Prolific did a hardware refresh and then instantly obsoleted all of the previous generation chips. Otherwise not a problem, except if you use Windows 8 or newer then the fucking driver they issue causes a code 10 hardware. If you use an older on 8 or newer then they work fine, but stupid Windows Update keeps replacing it with the bad driver unless you use a bit of ini file hackery.

What makes this worse than the FTDI situation is that Prolific is doing it to their own hardware to force you to buy a new one.

Re:Pure crap

[Darlok]

Not necessarily true. Low-level technology like this is frequently the source of "cascading failure" that can endanger people or property.

For instance, we have many USB-to-Serial devices installed in chains that capture weight readings from industrial scales. If this suddenly and inobtrusively starts causing that measurement data to be misaligned in the output, those weight readings could be transmitted to shippers who may or may not re-weigh the product based on our volume. In the worst case scenario, something like this could be done as the last check-weight for loading an aircraft -- a weight-critical application where getting it wrong can cause a tail-strike on takeoff.

Screwing with low-level data INTENTIONALLY is never a good thing. End users have no way of ever knowing that it's happening. Pushing it by Windows Update, where no devs are involved to catch the error, is a recipe for potential disaster somewhere.

This IS Pure Crap... on the part of FTDI.

here's the safe driver for these chips

[raymorris]

Here's the safe driver, in the form of source code so you could check it yourself if you want to.

http://lxr.free-electrons.com/...

This driver does require a non-crap operating system, of course. Linux, FreeBSD, OpenBSD, etc probably OSX will work too.

Re:FTDI Serial Driver?

[drinkypoo]

Why would a vendor of a basic USB-Serial port converter bother writing a driver?

Because the FTDI chip actually works. It's one of the very few USB to Serial chips that has proper timing and signals to make it work with marginal, antiquated hardware. A lot of people trying to use old automotive scan interfaces and the like which interface with serial have serious problems when using other chips.

I have literally never had a USB device outside of HID or mass storage which didn't need its own special snowflake driver, even though USB has driver profiles for several types of device.

Going after the wrong people

[wisewellies]

Why can't FTDI realise that this kind of behaviour is only going to hurt innocent end users, rather than the people responsible for peddling counterfeit devices? I've bought hundreds of these devices in the past from reputable suppliers, and in precisely zero cases can I determine whether the chipset is genuine or not before purchase. If I can't tell what I'm buying, then why am I being punished when I've bought in good faith? Why can't FTDI instead use existing mechanisms and laws to find the people responsible?

Of course Linux drivers for these devices work every time, counterfeit or not. Perhaps a different approach might be for someone to take the Linux code and create a decent open-source Windows driver to replace the buggy (i.e. injecting unwanted serial data) FTDI code?

At this point, I think I'd avoid FTDI hardware...

[stazeii]

Son of a.... I spent, literally, 4 hours yesterday trying to troubleshoot a 3d Printer (Tinyboy 3D), with it not working. MProg from FTDI said the chip was fine (right vendor and product ID), but it just wouldn't work. I tried every driver I could find. Finally, I uninstalled the driver, disabled wifi, plugged it in, waited for Windows 7 to install the version it knew (2.4 something), used Mprog 3.5 to reprogram the chip as legit (as per: https://www.youtube.com/watch?...), unplugged, replugged (at which point windows reinstalled it again, with 2.4), and suddenly it started working! I can confirm this "Non Genuine" serial data, since I opened up the Arduino IDE and saw that on the serial console. You know, I sympathize with FTDI. They're having their tech ripped off. But, it's inappropriate to punish end users who don't have any say. Sure, we could not buy stuff that uses counterfeit chips, but many sellers aren't even going to know. FTDI should be pursuing the counterfeiters in China, and using what legal system China has to stop it. Either that, or create a version of the chip that has such a low price point, they put the cloners out of business by providing legit-working-alternatives for a price point. So annoying that I've lost time because FTDI does this crap, and apparently Microsoft is okay with it (I don't see how this should have passed WHQL).

Re:Keeping me happy for disabling auto-updates

[ArmoredDragon]

So, your problem may well be that you have a counterfeit "Prolific" chip that Prolific's driver no longer plays nice with.

No, that's not the problem at all. You can read yourself from Prolific's website:

http://www.prolific.com.tw/US/...

Note on that page how they no longer support "EOL chipsets" even though they work fine in windows 8 and 10 if you simply use an older driver that doesn't care about what OS version you have. If you use a newer one though, the driver throws a code 10 error so it won't work, unless of course, it detects a non-EOL chipset.

FTDI is malware

[stooo]

FTDI is malware.

Use Linux.
use MCP2221.

I don't blame FTDI, fake chips hurt them

[AaronW]

One problem these counterfeit chips pose is that all the sudden companies like FTDI end up with a lot of support costs for people who bought shoddy products with the fake chips, which often don't work nearly as well as the real thing. This is a way for FTDI to crack down on the counterfeit chips. While it sucks for the consumers that end up with the fake chips, it will also help put a stop to the counterfeit chips since any product that uses them will not work.

At my company we make a number of development boards using the quad FTDI chips for the serial interface. We use them because in addition to RS232 they also can talk I2C and JTAG, among other things. I can reliably run the FTDI chips at 10Mbps. I've used other USB to serial devices in the past but I've had lots of problems with them. Some cables I bought, for example, will just suddenly stop working and I have to periodically reset the baud rates.

Why should FTDI have to bear the burden and support costs of counterfeit chips? If somebody else slaps the FTDI manufacturer ID and product ID onto their USB device then they deserve whatever happens. Why should FTDI have to spend resources supporting fake chips? By doing what they are doing, it will drive the fake chips out of the system and prevent future ones.

I work for a chip manufacturer and while there's a very low risk that someone will make fake chips like ours (very complex network processors), we have had to add features to our chips so that our end customers can prevent counterfeit equipment which just copies their software. We have some large customers who have been battling Chinese made counterfeit equipment.