Author Topic: FTDIgate 2.0?  (Read 234174 times)

0 Members and 1 Guest are viewing this topic.

Offline C

  • Super Contributor
  • ***
  • Posts: 1345
  • Country: us
Re: FTDIgate 2.0?
« Reply #150 on: January 31, 2016, 11:21:18 pm »
Google "ftdi ft232 pinout compatible"
Only bit-bang mode prevents a chip swap.
The smart big manufacturers are probably asking are we still using FTDI? WHY?

Look at what is possible today for same or less cost.
If the usb device did not receive some commutations from the os side driver, it could reattach as a usb flash drive.  One small HTML formated file on the drive and it is very easy for the end user to get what is needed.

When is FTDI going to start bricking other VID/PID that use it's windows driver?
You don't harm or change someone else's property!!
The first time FTDI's actions is it's end.
This second time just nailed the coffin shut.

FTDI has caused more harm then IBM did with it's PS2 line of computers. IBM lost on the PS2.
If Microsoft does not reverse this windows update driver change then Microsoft is also a responsible party to damages.

 

Offline Karel

  • Super Contributor
  • ***
  • Posts: 1304
  • Country: 00
Re: FTDIgate 2.0?
« Reply #151 on: February 01, 2016, 02:35:57 am »
When is FTDI going to start bricking other VID/PID that use it's windows driver?

A driver is tied to a particular VID. As long as you don't mess with your system,
a driver will only be used for the devices which presents themselves with that particular VID.
If a chip is presenting itself with a VID that doesn't belong to that brand and if it is doing so without permission,
it's asking for to be bricked.
So, you don't need to worry as long as you don't use fake chips.
If you do use fake chips, you should be worried and for a good reason.
The difference between theory and practice is less in theory than
the difference between theory and practice in practice.
Expensive tools cannot compensate for lack of experience.
 

Offline janoc

  • Super Contributor
  • ***
  • Posts: 2706
  • Country: fr
Re: FTDIgate 2.0?
« Reply #152 on: February 01, 2016, 03:05:39 am »
So, you don't need to worry as long as you don't use fake chips.
If you do use fake chips, you should be worried and for a good reason.

I hope you understand the difference between "bricked accidentally because it is incompatible" and "bricked because of an explicit, malicious action". The first one should get an engineer who designed the widget fired for incompetence, the second will get your company sued. There is a fine line between these two cases and I think the wide consensus is that what FTDI is doing cannot really be considered accidental damage anymore.

I do wonder why did FTDI and Microsoft backtrack so quickly when the first FTDIgate broke out, if this sort of thing is considered acceptable - the cost of that step was certainly non-negligible. Could it be that some company lawyer got a heart attack from the idea that some large vendor could sue the bejeezus out of them for damaged equipment and the costs for dealing with the fallout of their stupid actions,  perchance?

Do we really have to go through the 70+ pages long thread from start, rehashing these thoroughly debunked arguments all over again? This is seriously ridiculous. :palm:





 

Offline eugenenine

  • Frequent Contributor
  • **
  • Posts: 748
  • Country: us
Re: FTDIgate 2.0?
« Reply #153 on: February 01, 2016, 03:24:26 am »
I suppose Microsoft's "Genuine Advantage" system should be renamed into Microsoft-gate too?


Bad example since Microsoft's "Genuine Advantage" has crippled so many legal installs of the Windows over the years.
 

Offline suicidaleggroll

  • Super Contributor
  • ***
  • Posts: 1455
  • Country: us
Re: FTDIgate 2.0?
« Reply #154 on: February 01, 2016, 03:26:37 am »
A few weeks ago I bought a battery charger from a company called Nitecore.  Apparently Nitecore has had problems with fakes, and their solution seemed simple and effective.  On every unit they send out now, they stick a small sticker with a scratch-off label like you find on gift cards and lottery tickets.  Under the scratch-off label is a code, and you can go to their website to verify the authenticity of the code (presumably once a code has been verified, it can't be checked again, to prevent counterfeiters from just making a bunch of knockoffs with one valid code).  What if FTDI did something similar on their reels?  Full reels get a verification sticker, and only when the reel is going to be opened up is that code checked.  If you buy full reels, you can check it yourself.  If you buy individuals, then you only buy from distributors who check the code before they break it down for resale.  Compared to the cost of the full reel, the minute it would take to verify the code would be insignificant.

Then FTDI could do whatever they want with the driver, and as a manufacturer you wouldn't have any doubts that the parts used on your board are genuine.
 

Offline janekm

  • Supporter
  • ****
  • Posts: 514
  • Country: gb
Re: FTDIgate 2.0?
« Reply #155 on: February 01, 2016, 04:05:01 am »
A few weeks ago I bought a battery charger from a company called Nitecore.  Apparently Nitecore has had problems with fakes, and their solution seemed simple and effective.  On every unit they send out now, they stick a small sticker with a scratch-off label like you find on gift cards and lottery tickets.  Under the scratch-off label is a code, and you can go to their website to verify the authenticity of the code (presumably once a code has been verified, it can't be checked again, to prevent counterfeiters from just making a bunch of knockoffs with one valid code).  What if FTDI did something similar on their reels?  Full reels get a verification sticker, and only when the reel is going to be opened up is that code checked.  If you buy full reels, you can check it yourself.  If you buy individuals, then you only buy from distributors who check the code before they break it down for resale.  Compared to the cost of the full reel, the minute it would take to verify the code would be insignificant.

Then FTDI could do whatever they want with the driver, and as a manufacturer you wouldn't have any doubts that the parts used on your board are genuine.

Yes, something like that is what they should be doing.
Problem: There are fakes of our chips out there and ending up in end products (whether the manufacturer intended them to or not)
Solution: Let's help manufacturers make sure they get our real chips
FTDI's solution: Let's break those manufacturer's products

Genius...  |O

What I would do is assign a unique ID to each chip (they probably do already anyway?) and keep a list on a server. Then a piece of test code can read out that ID and query the server for whether that ID is real and has been read before. No need for scratch labels and can be integrated into production tests.
 

Offline free_electron

  • Super Contributor
  • ***
  • Posts: 7034
  • Country: us
    • SiliconValleyGarage
Re: FTDIgate 2.0?
« Reply #156 on: February 01, 2016, 04:15:34 am »
Quote
if someone kills a man he will be prosecuted
So if you drive over someone with a car, is it you or the CEO of Fiat that should be charged?

CEO of FIAT! Because they make so lousy cars!

A Japanese who was killed by the atom bomb once sued US government for dropping it.
Court later found that the Japanese should have sued the guy in the plane who opened the bomb bay doors.
I doubt that. Dead people can't sue....
Professional Electron Wrangler.
Any comments, or points of view expressed, are my own and not endorsed , induced or compensated by my employer(s).
 

Online wraper

  • Supporter
  • ****
  • Posts: 9269
  • Country: lv
Re: FTDIgate 2.0?
« Reply #157 on: February 01, 2016, 04:30:28 am »
What I would do is assign a unique ID to each chip (they probably do already anyway?) and keep a list on a server. Then a piece of test code can read out that ID and query the server for whether that ID is real and has been read before. No need for scratch labels and can be integrated into production tests.
And change the silicon/IC model too to achieve this  :palm:.
 

Offline Karel

  • Super Contributor
  • ***
  • Posts: 1304
  • Country: 00
Re: FTDIgate 2.0?
« Reply #158 on: February 01, 2016, 04:42:12 am »
Do we really have to go through the 70+ pages long thread from start, ...

Nope, we all are free to ignore this thread if we want.
If, however, we decide to participate in a discussion, we have to be prepared for people expressing an opinion we may not like.

If, in your opinion, enough has been written about this topic, feel free to leave and let the others continue.

The difference between theory and practice is less in theory than
the difference between theory and practice in practice.
Expensive tools cannot compensate for lack of experience.
 

Offline miguelvp

  • Super Contributor
  • ***
  • Posts: 5549
  • Country: us
Re: FTDIgate 2.0?
« Reply #159 on: February 01, 2016, 04:50:23 am »
The other thread was about FTDI bricking devices with fake chips. Nothing to do with this (yet to be corroborated by others) problem.

What I don't understand is why would anyone designing a device would take the random serial data as a valid initialization. Surely you wouldn't design it in such a way to begin with, because a lot of things can talk to a serial COM port even if the drivers were left alone allowing communication with fake chips.
 

Offline RFZ

  • Regular Contributor
  • *
  • Posts: 50
  • Country: de
Re: FTDIgate 2.0?
« Reply #160 on: February 01, 2016, 04:52:36 am »
And change the silicon/IC model too to achieve this  :palm:.

USB FTDIChip-ID™ feature is part of the FT232R specs: A unique number (the FTDIChip-ID™) is burnt into the device during manufacture and is readable over USB, thus forming the basis of a security dongle which can be used to protect customer application software from being copied.
 

Offline janoc

  • Super Contributor
  • ***
  • Posts: 2706
  • Country: fr
Re: FTDIgate 2.0?
« Reply #161 on: February 01, 2016, 05:01:43 am »
The other thread was about FTDI bricking devices with fake chips. Nothing to do with this (yet to be corroborated by others) problem.

http://www.amazon.com/gp/customer-reviews/R208GYSGXQ134N/ref=cm_cr_pr_viewpnt?ie=UTF8&ASIN=B012YUANZK#R208GYSGXQ134N

Here a guy with an Intel Galileo board:
https://communities.intel.com/thread/80586?start=0&tstart=0

Posts on RepRap forums:
http://forums.reprap.org/read.php?262,589133

I hope that is enough to corroborate that this is a real issue? 2 minutes googling for the "NON GENUINE DEVICE FOUND!" phrase.

And while the old thread was about bricking the non-genuine hw, the same arguments are being rehashed again - often by the same people.


« Last Edit: February 01, 2016, 05:03:38 am by janoc »
 

Offline staze

  • Frequent Contributor
  • **
  • Posts: 797
  • Country: us
  • I _might_ have a problem...
    • Everybody Staze...
Re: FTDIgate 2.0?
« Reply #162 on: February 01, 2016, 05:08:25 am »
Son of a....

I spent, literally, 4 hours yesterday trying to troubleshoot a 3d Printer (Tinyboy 3D), with it not working. MProg from FTDI said the chip was fine (right vendor and product ID), but it just wouldn't work. I tried every driver I could find. Finally, I uninstalled the driver, disabled wifi, plugged it in, waited for Windows 7 to install the version it knew (2.4 something), used Mprog 3.5 to reprogram the chip as legit (as per: ), unplugged, replugged (at which point windows reinstalled it again, with 2.4), and suddenly it started working! I can confirm this "Non Genuine" serial data, since I opened up the Arduino IDE and saw that on the serial console.

You know, I sympathize with FTDI. They're having their tech ripped off. But, it's inappropriate to punish end users who don't have any say. Sure, we could not buy stuff that uses counterfeit chips, but many sellers aren't even going to know. FTDI should be pursuing the counterfeiters in China, and using what legal system China has to stop it. Either that, or create a version of the chip that has such a low price point, they put the cloners out of business by providing legit-working-alternatives for a price point. So annoying that I've lost time because FTDI does this crap, and apparently Microsoft is okay with it (I don't see how this should have passed WHQL). 
“Give a man an answer, he’ll keep his job for a day. Teach a man to Google, and he’ll be employed for a lifetime”
 

Offline miguelvp

  • Super Contributor
  • ***
  • Posts: 5549
  • Country: us
Re: FTDIgate 2.0?
« Reply #163 on: February 01, 2016, 05:11:30 am »
Intel used fake FTDI chips for their Gen 2 Galileo?

That's beyond funny :)

I do have a Galileo 1st gen, I wonder if it has a fake FTDI chip as well. Not that it matters much because the Gen1 Galileo is pretty useless since their GPIO is via I2C (or was it SPI) anyways this is hilarious.  :-DD

At least Intel will probably roll out a firmware update with their own VID and PID with their own drivers to support the fake chips.
 

Online wraper

  • Supporter
  • ****
  • Posts: 9269
  • Country: lv
Re: FTDIgate 2.0?
« Reply #164 on: February 01, 2016, 05:17:00 am »
Intel used fake FTDI chips for their Gen 2 Galileo?

That's beyond funny :)
It does not have FT232 and why it would have? The guy just connected a counterfeit adapter to it.
 

Offline Karel

  • Super Contributor
  • ***
  • Posts: 1304
  • Country: 00
Re: FTDIgate 2.0?
« Reply #165 on: February 01, 2016, 05:21:05 am »
At least Intel will probably roll out a firmware update with their own VID and PID with their own drivers to support the fake chips.

That's exactly what FTDI wants to achieve, let the fake chip users write and use their own drivers instead of profiting
from the work of others without permission.
Apparently, it's not that easy to write your own stable and reliable drivers. It's easier to let others do that job for you,
preferably for free...


The difference between theory and practice is less in theory than
the difference between theory and practice in practice.
Expensive tools cannot compensate for lack of experience.
 

Offline donmr

  • Regular Contributor
  • *
  • Posts: 132
  • Country: us
  • W7DMR
Re: FTDIgate 2.0?
« Reply #166 on: February 01, 2016, 05:28:41 am »
Since @suicidaleggroll didn't read the original discussion, he is uninformed that there is no reliable way for ANYONE (including legitimate distributors and board assemblers) to definitively identify genuine chips vs counterfeit. Many legitimate, official, authorized supply lines have discovered counterfeit chips, sometimes only revealed when the end-user tried to use the product.
...

Apparently FTDI can tell them apart or at least thinks they can.  Why doesn't FTDI help us all detect impostor parts by explaining the difference?  Yes then the fakers will replicate that too but that is what happens when you are an industry leader, you have to keep running to stay in the lead.

Ideally they would make use of the existing IP protection laws to identify their parts and prosecute forgers.
 

Offline LoyalServant

  • Regular Contributor
  • *
  • Posts: 65
  • Country: us
Re: FTDIgate 2.0?
« Reply #167 on: February 01, 2016, 05:30:44 am »
Since I stopped using FTDI stuff in my products because of the last time I can breathe easy.
Counterfeits have been found in the legitimate supply chain.
Who wants to take a risk on this?

What moron at FTDI thinks this is a viable business decision?
So what.. I am small potatoes to them
But thousands of us means a lot of lost revenue.

So here is to my heels digging in deeper and not using FTDI.
They proved here that I made the right choice.
 

Offline mtdoc

  • Super Contributor
  • ***
  • Posts: 3574
  • Country: us
Re: FTDIgate 2.0?
« Reply #168 on: February 01, 2016, 05:47:22 am »
Yep, all FTDI is accomplishing is causing consumers to doubt the reliability of anything with an "FTDI" chip.

For someone like me who feeds his electronics hobby with various cheap boards and do-dads interfacing with USB, I now actively avoid anything that claims to use an FTDI chip since I have no way of knowing authenticity before hand.
 

Offline janoc

  • Super Contributor
  • ***
  • Posts: 2706
  • Country: fr
Re: FTDIgate 2.0?
« Reply #169 on: February 01, 2016, 06:26:21 am »
At least Intel will probably roll out a firmware update with their own VID and PID with their own drivers to support the fake chips.

That's exactly what FTDI wants to achieve, let the fake chip users write and use their own drivers instead of profiting
from the work of others without permission.
Apparently, it's not that easy to write your own stable and reliable drivers. It's easier to let others do that job for you,
preferably for free...

Yay, someone didn't bother to read. Intel or anyone else will not write anything, the Galileo board was fine. The guy just used an USB-to-UART cable with a bad chip.

I suggest you read the article next time. Also, nobody needs to write any drivers - Windows (and other OSes) come with just fine drivers for the  USB CDC class.

« Last Edit: February 01, 2016, 07:54:56 am by janoc »
 

Offline miguelvp

  • Super Contributor
  • ***
  • Posts: 5549
  • Country: us
Re: FTDIgate 2.0?
« Reply #170 on: February 01, 2016, 06:36:01 am »
Who has the time, but I did go through the BOM for both Gen 1 and Gen 2, no FT232 in sight.

Well, he should return his cheap and unsupported USB-UART adapter :)
 

Offline janoc

  • Super Contributor
  • ***
  • Posts: 2706
  • Country: fr
Re: FTDIgate 2.0?
« Reply #171 on: February 01, 2016, 06:40:42 am »
apparently Microsoft is okay with it (I don't see how this should have passed WHQL).

They were ok even with the previous version that was bricking the chips and then pulled it later. I think the WHQL doesn't mean much here - FTDI has some sort of privileged position because their drivers ship directly with Windows, unlike most third-party vendors. So their stuff likely gets only the basic "does it cause BSOD/eat data" test and that's it, because they are trusted.



 

Offline janoc

  • Super Contributor
  • ***
  • Posts: 2706
  • Country: fr
Re: FTDIgate 2.0?
« Reply #172 on: February 01, 2016, 06:50:08 am »
Who has the time, but I did go through the BOM for both Gen 1 and Gen 2, no FT232 in sight.

Well, he should return his cheap and unsupported USB-UART adapter :)

Widlarize it. However, it is a royal pain when an automatic OS update breaks things behind your back, because some idiot in a board room somewhere thought that it is a good idea. I know why Windows doesn't get anywhere near my hardware and FTDI marked chips nowhere near my projects after this.



 

Online FrankBuss

  • Supporter
  • ****
  • Posts: 2145
  • Country: de
    • Frank Buss
Re: FTDIgate 2.0?
« Reply #173 on: February 01, 2016, 06:52:08 am »
So their stuff likely gets only the basic "does it cause BSOD/eat data" test and that's it, because they are trusted.
After this second incident I really hope this trusted state gets revoked. Otherwise other companies might get encouraged to do similar things.
So Long, and Thanks for All the Fish
 

Offline Refrigerator

  • Frequent Contributor
  • **
  • Posts: 755
  • Country: lt
Re: FTDIgate 2.0?
« Reply #174 on: February 01, 2016, 06:59:50 am »
When two guys fight, the third one usually wins.

Let's face it, FTDI will never muffle fake chips, you shouldn't underestimate the ingenuity of the chinese.

This is actually a good thing. FTDI now has a reason to innovate, bring a new chip with some whiz-bang security and maybe some other new and improved features.
Just started a blog at http://brimmingideas.blogspot.com/ . Not much in it as of now but more is sure to come :)
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf