Author Topic: FTDIgate 2.0?  (Read 230151 times)

0 Members and 2 Guests are viewing this topic.

Offline EEVblog

  • Administrator
  • *****
  • Posts: 27695
  • Country: au
    • EEVblog
Re: FTDIgate 2.0?
« Reply #200 on: February 01, 2016, 12:39:48 pm »
Yep, FTDI are blocking people who mention it, including some guy with 310,000 Youtube subscribers and a propensity to rant...

« Last Edit: February 01, 2016, 12:41:34 pm by EEVblog »
 

Online blueskull

  • Supporter
  • ****
  • Posts: 10706
  • Country: cn
  • Power Electronics Guy
Re: FTDIgate 2.0?
« Reply #201 on: February 01, 2016, 12:42:28 pm »
Yep, FTDI are blocking people who mention it, including some guy with 310,000 Youtube subscribers and a propensity to rant...



Beware, they will probably call cloudflare to block this website as well :palm:.
 

Offline iceisfun

  • Regular Contributor
  • *
  • Posts: 137
  • Country: us
Re: FTDIgate 2.0?
« Reply #202 on: February 01, 2016, 12:46:29 pm »
Does anyone know the KB that rolls out this driver so I can ignore it?
 

Offline FrankBuss

  • Supporter
  • ****
  • Posts: 2092
  • Country: de
    • Frank Buss
Re: FTDIgate 2.0?
« Reply #203 on: February 01, 2016, 12:54:45 pm »
Yep, FTDI are blocking people who mention it, including some guy with 310,000 Youtube subscribers and a propensity to rant...
They blocked you too, that's pathetic. So you can't comment directly under their tweets, but by now they should have heard of the Streisand effect. :-DD
So Long, and Thanks for All the Fish
 

Offline EEVblog

  • Administrator
  • *****
  • Posts: 27695
  • Country: au
    • EEVblog
Re: FTDIgate 2.0?
« Reply #204 on: February 01, 2016, 12:56:43 pm »
They blocked you too, that's pathetic. So you can't comment directly under their tweets, but by now they should have heard of the Streisand effect. :-DD

It's only going to get worse for FTDI from here  :popcorn:
 

Online blueskull

  • Supporter
  • ****
  • Posts: 10706
  • Country: cn
  • Power Electronics Guy
Re: FTDIgate 2.0?
« Reply #205 on: February 01, 2016, 01:09:02 pm »
Just added FTDIGate 2.0 to Wikipedia.

https://en.wikipedia.org/wiki/FTDI
 

Offline miguelvp

  • Super Contributor
  • ***
  • Posts: 5549
  • Country: us
Re: FTDIgate 2.0?
« Reply #206 on: February 01, 2016, 01:26:03 pm »
Just added FTDIGate 2.0 to Wikipedia.

https://en.wikipedia.org/wiki/FTDI

That's all good but apparently this driver has been up since  3 July 2015 as stated in the wiki and as per:
http://www.eevblog.com/forum/microcontrollers/ftdi-gate-2-0/msg854788/#msg854788

So it's not a new discovery, many reports since then but I guess this is the first one to bring up a bigger stink about it :)

A report about the July driver can be found here:
http://electropit.com/index.php/2015/09/06/arduino-nano-v3-0-clones/

and here:
https://forum.arduino.cc/index.php?PHPSESSID=21071l5u7t2agtrj5u3c25q1t7&topic=270175.msg2310682#msg2310682

« Last Edit: February 01, 2016, 01:28:41 pm by miguelvp »
 

Online blueskull

  • Supporter
  • ****
  • Posts: 10706
  • Country: cn
  • Power Electronics Guy
Re: FTDIgate 2.0?
« Reply #207 on: February 01, 2016, 01:36:06 pm »
 

Offline onlooker

  • Frequent Contributor
  • **
  • Posts: 384
Re: FTDIgate 2.0?
« Reply #208 on: February 01, 2016, 01:48:19 pm »
Quote
Wikipedia page updated.

It will be better if the tone could be more factual and neutral. As is, it may not stay there for long.
« Last Edit: February 01, 2016, 01:51:19 pm by onlooker »
 

Online blueskull

  • Supporter
  • ****
  • Posts: 10706
  • Country: cn
  • Power Electronics Guy
Re: FTDIgate 2.0?
« Reply #209 on: February 01, 2016, 01:56:40 pm »
It will be better if the tone could be more factual and neutral. As is, it may not stay there for long.

Updated. Subjective adjectives and adverbs are removed. I also added the exact string it send or reads, "NON GENUINE DEVICE FOUND!".
 

Offline FrankBuss

  • Supporter
  • ****
  • Posts: 2092
  • Country: de
    • Frank Buss
Re: FTDIgate 2.0?
« Reply #210 on: February 01, 2016, 02:04:34 pm »
Updated. Subjective adjectives and adverbs are removed. I also added the exact string it send or reads, "NON GENUINE DEVICE FOUND!".
"attack" and "victim devices" sounds a bit subjective, too, maybe just state the facts. And does it read the string, too, or only send it, and send it always, one char for every char you want it to send in a loop, or just occasionally?
So Long, and Thanks for All the Fish
 

Online blueskull

  • Supporter
  • ****
  • Posts: 10706
  • Country: cn
  • Power Electronics Guy
Re: FTDIgate 2.0?
« Reply #211 on: February 01, 2016, 02:08:40 pm »
"attack" and "victim devices" sounds a bit subjective, too, maybe just state the facts. And does it read the string, too, or only send it, and send it always, one char for every char you want it to send in a loop, or just occasionally?

Updated.
 

Offline FrankBuss

  • Supporter
  • ****
  • Posts: 2092
  • Country: de
    • Frank Buss
Re: FTDIgate 2.0?
« Reply #212 on: February 01, 2016, 02:16:32 pm »
Well, now it might be too specific with the loopback configuration :) I don't have a fake chip so I can't test it, but I guess it ony sends the string, and that's the main problem why the affected devices don't work anymore. But it might alter received bytes from an independent UART source, too.
So Long, and Thanks for All the Fish
 

Online westfw

  • Super Contributor
  • ***
  • Posts: 2823
  • Country: us
Re: FTDIgate 2.0?
« Reply #213 on: February 01, 2016, 05:15:50 pm »
Quote
Counterfeits have been found in the legitimate supply chain.
Reference?  Counterfeit FT232 devices specifically, not just "counterfeits of some chip."  Has anyone here who has a "real product" and has been buying chips from real distributors received counterfeit FTDI devices?  (No, I'm not counting Arduino-like or nth party usb/serial modules purchased from real distributors...)

Quote
hobbyist bubble
Have any non-hobbyist products been affected?   A lot of "auction site usb/serial cables", a fair number of "arduino clones and derivatives" (perhaps including genuine Arduino Nanos, and some higher-level products that USE arduino-esque boards internally (like that tinyboy 3d printer.)  (Or are we saying that arduino modules are no longer merely hobbyist devices?  Which would be an interesting development in itself!)

Quote
life support
One does hope that if you make life-support equipment, you have in fact negotiated on that "not for use in critical applications" agreement, and DO have better-than-average supply chain management AND testing.

Quote
testing and counterfeit identification
Is anyone here a large enough FTDI customer that they can categorically state that FTDI has NOT provided such a tool to their large customers?  A "counterfeit check" tool would certainly be nicer than having to run through the full driver version/windows version matrix...  I'm not sure that I'd expect it to be available to "hobbyists", though.  Or even mid-range manufacturers buying a couple thousand chips/year through Mouser/etc.

Quote
[Official FTDI distributor network sucks.]
I can agree with that.   Prior to Arduino, FTDI chips were pretty much unobtainable, except through a few odd sources.  If you wanted to use USB/Serial adapters, your best bet was an expensive USB/RS232 cable, with subsequent RS232/TTL conversion. :-(


Has anyone checked whether the new driver "malware" behaves the same with non-FTDI VID/PID ?  (Can you even change the VID/PID of the counterfeit devices?)

Has the source of the counterfeit devices ever been determined (manufacturer?  Path?)  Maybe they should just sell their own chip and do their own driver; it can't be that hard - ch340g has penetrated pretty well, to the same sorts of vendors, even though it's significantly different.

-----

I sympathize with FTDI.  I really do.  But they sure could have handled all this much better.  I too would rather have a driver that just didn't work, and plastered the "device manager" with the "counterfeit device" label, instead of bricking chips, or polluting the data stream.

I sympathize with small manufacturers.   Or I guess "designers", really.   LOTS of manufacturing below the fortune-500 is outsourced to someone, and I really wouldn't know how to go about finding someone with "good supply chain management" when I was mostly looking for "someone who's willing to deal with small volumes from a small designer."  Putting that big ???? over FTDI would not be good.   But the problem isn't unique to FTDI - they've just made it particularly obvious.  A different chip with a different clone and a more subtle problem is just as scary, right?

I even sympathize with the hobbyist ordering off auction sites.  One might expect occasional non-working merchandise.    Things that work for a while, but suddenly stop working because of a non-controllable windows update are scarier.  (although, see above about "subtle" issues.)
 

Offline marcan

  • Regular Contributor
  • *
  • Posts: 80
  • If it ain't broke I'll fix it anyway.
    • My blog
Re: FTDIgate 2.0?
« Reply #214 on: February 01, 2016, 05:34:16 pm »
After the first debacle, one could argue that perhaps FTDI didn't DELIBERATELY set out to brick chips (although the the evidence was compelling).
No. One couldn't argue that. It was proven beyond any shadow of a doubt that the bricking code was single-purpose, carefully crafted, and purposefully designed to brick clone chips. Anyone who thinks there is even the slightest chance that FTDIgate v1.0 was an accident either can't read the decompiled C code that I posted or is deluding themselves. They identified a small difference in EEPROM write behavior, then worked backwards from that to find a set of commands (including a pre-image attack on their own checksum algorithm) that would be no-ops on the real chips but brick clones. There is no chance that their driver just "happens" to include code that just "happens" to do nothing on real chips but just "happens" to know how to update EEPROM data while keeping the existing checksum correct (because it so happens that updating the checksum would affect legit chips) and just "happens" to include a write PID to 0 command that just "happens" to be a no-op on real chips due to a write buffering technicality.

But yeah, at least FTDIgate v1.0 needed reverse engineering the driver to prove intent. This one they aren't even trying to hide.

Either way, these guys have proven themselves to be utter morons in handling this issue. As I said in the past, the only REASONABLE action would be to refuse to work with clone devices with a user-visible error message informing them of the problem. Bricking devices is infantile and makes them legally liable for destruction of property. Sending garbage data is even worse, it puts USERS at risk due to malfunctioning hardware (industrial controllers and medical devices anyone?) and makes them legally liable for potential destruction of property, or worse, personal harm. Do these guys even have lawyers? Seriously, this is pathetic, wrong, and ridiculous.

Seriously, no more buying FTDI for me. After the first warning I thought maaaaybe I'd give them a second chance (if only because their chips actually work properly most of the time), but at this point I'd rather deal with quirky alternative chips than give them any money.

Incidentally, I took a look at the code and empirically tested a clone device to confirm. The driver replaces all data, TX and RX (and maybe some other things like modem status even? not sure, it's in more than 2 places), with "NON GENUINE DEVICE FOUND! " looped forever. It has nothing to do with looping back TX and RX, that is just one easy way to see it (because you need data to arrive to see the message on RX). I just cross connected a clone on a Windows PC to a legit chip on a Linux machine to confirm that both directions are clobbered. It also sets a registry key for clone devices, although it doesn't seem to check it otherwise. Maybe they're planning something even nastier for the next driver version?



« Last Edit: February 01, 2016, 05:38:34 pm by marcan »
 

Offline voltlog

  • Regular Contributor
  • *
  • Posts: 87
  • Country: ro
    • VoltLog
Re: FTDIgate 2.0?
« Reply #215 on: February 01, 2016, 06:09:24 pm »
That's such a bad PR stunt on their end to block people on Twitter. Don't they have any PR people to handle things like this?
It looks like they haven't learned anything from their mistakes and our response should be clear, we should stop using their products.

Offline Chris Jones

  • Regular Contributor
  • *
  • Posts: 75
  • Country: au
Re: FTDIgate 2.0?
« Reply #216 on: February 01, 2016, 06:18:46 pm »
....
create a version of the chip that has such a low price point, they put the cloners out of business by providing legit-working-alternatives for a price point.

If your chip designers are better than the fakers, then you can make the chips smaller and therefore cheaper than they can, (unless they directly copy the masks, which can be challenging on recent processes). If you put more wafers through the fabs (TSMC, UMC etc) than the fakers do, then you get better wafer pricing, even if they did copy your masks. Then you can sell the genuine article for less than the fakers can make it for - admittedly without making much profit per unit. I think that such a price reduction (maybe combined with a pop-up warning about detected fake devices - without impairing functionality) would have been the honourable path for FTDI, and they might have got some market share back from their legitimate competitors too.

 

Offline Boomerang

  • Regular Contributor
  • *
  • Posts: 52
Re: FTDIgate 2.0?
« Reply #217 on: February 01, 2016, 06:41:21 pm »
Just added FTDIGate 2.0 to Wikipedia.

https://en.wikipedia.org/wiki/FTDI

No mention of any preventive measures... only punitive measures!

Some people don't learn even from their own mistakes.
 

Offline RFZ

  • Regular Contributor
  • *
  • Posts: 50
  • Country: de
Re: FTDIgate 2.0?
« Reply #218 on: February 01, 2016, 06:58:34 pm »
Does anyone know the KB that rolls out this driver so I can ignore it?
As far as I know, Driver updates don't have a KB...
The driver will be installed if you plug in a FTDI device the first time, or, if you already have an older FTDI driver it will show up as normal or optional update...
 

Offline RFZ

  • Regular Contributor
  • *
  • Posts: 50
  • Country: de
Re: FTDIgate 2.0?
« Reply #219 on: February 01, 2016, 07:08:37 pm »
Just added FTDIGate 2.0 to Wikipedia.

https://en.wikipedia.org/wiki/FTDI

That's all good but apparently this driver has been up since  3 July 2015 as stated in the wiki and as per:
http://www.eevblog.com/forum/microcontrollers/ftdi-gate-2-0/msg854788/#msg854788

So it's not a new discovery, many reports since then but I guess this is the first one to bring up a bigger stink about it :)

A report about the July driver can be found here:
http://electropit.com/index.php/2015/09/06/arduino-nano-v3-0-clones/

Yep, the behavior is not new... I've updated that information in my first posting right after about half an hour later when I found out that the "garbage" the driver sends actually was "NON GENUINE DEVICE FOUND!" and I did a google search on it ;) There is no FTDIgate 2.0, it was just me seeing strange behavior and not doing enough research. But who cares ^^
However, since windows update now publishes a new driver version, lots of people will be confronted with it again... So it's actually not bad to discuss this topic again, even if it's not new. FTDI deserves that bad publicity ;)
Also, to be fair, I haven't found much discussion about the driver actually sending arbitrary data to the devices. I guess after FTDIgate bricking most devices by altering the PID, most users avoided FTDI anyways and/or found way to unbrick the devices and use the old driver. Most of them, like me, may not have been aware of that a new driver with different behavior was released.
 

Offline RFZ

  • Regular Contributor
  • *
  • Posts: 50
  • Country: de
Re: FTDIgate 2.0?
« Reply #220 on: February 01, 2016, 07:13:01 pm »
Is anyone here a large enough FTDI customer that they can categorically state that FTDI has NOT provided such a tool to their large customers?  A "counterfeit check" tool would certainly be nicer than having to run through the full driver version/windows version matrix...
FTDI will never do that. There is no way to guarantee that a chip is valid with a tool (at least now with chips having no cryptographic signature or similar things), you can only guarantee that it's fake. There might be fakes already that FTDI cannot identify by now, but they will be able to in the future.
What if you buy such a chip today, the tool says it is okay, and in a year all your products get bricked because FTDI was able to identify it as fake? No... that won't happen.
« Last Edit: February 01, 2016, 07:28:11 pm by RFZ »
 

Offline amyk

  • Super Contributor
  • ***
  • Posts: 5995
Re: FTDIgate 2.0?
« Reply #221 on: February 01, 2016, 08:40:55 pm »
Has the source of the counterfeit devices ever been determined (manufacturer?  Path?)  Maybe they should just sell their own chip and do their own driver; it can't be that hard - ch340g has penetrated pretty well, to the same sorts of vendors, even though it's significantly different.
When the first FTDIgate happened I traced it down by starting here...

http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supereal

...and ended up with this:

http://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg535577/#msg535577

The company now shows they have an "RD232A" along with the original "SR2303HX" (presumably a Prolific clone).

This page shows that CoreChips makes the Supereal brand and they appear to have written their own LAN drivers:
http://catalog.update.microsoft.com/v7/site/ScopedViewRedirect.aspx?updateid=5316ed3d-5397-446c-aaf7-4388e3d03f7a
 

Offline glynd

  • Newbie
  • Posts: 4
Re: FTDIgate 2.0?
« Reply #222 on: February 01, 2016, 09:17:00 pm »
Intel used fake FTDI chips for their Gen 2 Galileo?

I expect it was a USB serial lead the guy was using with a fake FTDI chip in it...
 

Offline miguelvp

  • Super Contributor
  • ***
  • Posts: 5549
  • Country: us
Re: FTDIgate 2.0?
« Reply #223 on: February 01, 2016, 09:24:40 pm »
Intel used fake FTDI chips for their Gen 2 Galileo?

I expect it was a USB serial lead the guy was using with a fake FTDI chip in it...
yup, already brought up a couple of times, no FT232 and variants on either Gen 1 or Gen 2 BOM
 

Offline donotdespisethesnake

  • Frequent Contributor
  • **
  • Posts: 794
  • Country: gb
  • Embedded stuff
Re: FTDIgate 2.0?
« Reply #224 on: February 01, 2016, 09:59:15 pm »
Intel used fake FTDI chips for their Gen 2 Galileo?

I expect it was a USB serial lead the guy was using with a fake FTDI chip in it...

It would have helped if the message read "NON GENUINE FTDI DEVICE FOUND", but as a measure of their ineptitude FTDI couldn't even get that right. It obviously didn't occur to them that people wouldn't immediately realise it was the seemingly innocuous USB-serial adapter screwing up their system.  |O

I have to say, in terms of PR screw-ups, this one is as bad as the last FTDI one.

Today I will be looking at how to replace FTDI chips in our designs... even if there is not a technical reason, and obviously we never intend to put counterfeit chips in our products, but we don't and could not check every chip we fit, we rely on suppliers to ship good parts. I have lost trust in FTDI that they will handle things sensibly.
Bob
"All you said is just a bunch of opinions."
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf