Author Topic: FTDI driver kills fake FTDI FT232??  (Read 379267 times)

0 Members and 2 Guests are viewing this topic.

Offline krater

  • Regular Contributor
  • *
  • Posts: 60
  • Country: de
Re: FTDI driver kills fake FTDI FT232??
« Reply #275 on: October 23, 2014, 01:28:52 PM »


In which case it would be an easy matter to do a search in the driver for that serial number and  mask it out.

The driver is signed, if you change anything it will not work again.
"it was working yesterday.  hmmm.  maybe the vendor FTDI'd me via a windows update..."
 

Offline (*steve*)

  • Contributor
  • Posts: 35
Re: FTDI driver kills fake FTDI FT232??
« Reply #276 on: October 23, 2014, 01:30:01 PM »
It's only trademark infringement when the chip is being sold with FTDI markings. If it's unmarked, or marked with any name other than FTDI, it does not infringe on FTDI's trademark.

They're trying to make it a copyright/licensing issue (I think) via the new license "agreement" in their drivers.

Having said that, my reading suggests that at least some (perhaps many/most) fake chips are branded with FTDI.
 

Offline mgaffigan

  • Newbie
  • Posts: 2
Re: FTDI driver kills fake FTDI FT232??
« Reply #277 on: October 23, 2014, 01:35:26 PM »
I think the missed opportunity here is a license from FTDI for the low, low cost of $5 to continue using a counterfeit device...

Perhaps it's a break, then fix sort of thing.
« Last Edit: October 23, 2014, 01:39:17 PM by mgaffigan »
 

Offline linux-works

  • Super Contributor
  • ***
  • Posts: 1755
  • Country: us
    • netstuff
Re: FTDI driver kills fake FTDI FT232??
« Reply #278 on: October 23, 2014, 01:36:53 PM »

If someone has a fake, can you check the chips serial number(not the USBID number, not serial stored in external eeprom)?

Each of the chips has a unique serial number ( it can be read), it could be the fakes all have the same serial number because they were too lazy/cheap to laser cut / program it.

In which case it would be an easy matter to do a search in the driver for that serial number and  mask it out.

the various fakes that I've personally had all had non-null serial numbers.  its only the pid that was all 0's.

I had a long set of emails with one vendor (sunfounder is the name) on amazon who sold me one with all 0's.  I wrote an amazon review of it, he saw it (amazon probably reacted to my review and halted his sales) and the next few that I was sent by that vendor did NOT have 0's as the pid.  the vendor swears to me that he buys directly from ftdi and was trying his best to make the situation right again.  I can't tell, to be honest; was it amazon's halting of his sales that made him 'sorry' or was it sincere?  was the unit that I got a customer return who plugged it into windows and windows zero'd it out?  impossible to tell.

but all of the ones that I got had serial number strings that 'looked' reasonable.  only the PID was 0000.
 

Offline linux-works

  • Super Contributor
  • ***
  • Posts: 1755
  • Country: us
    • netstuff
Re: FTDI driver kills fake FTDI FT232??
« Reply #279 on: October 23, 2014, 01:40:06 PM »
I think the missed opportunity here is a license available for the low, low cost of $5 to continue using a counterfeit device...

Perhaps it's a break, then fix sort of thing.

how would that work on linux?  linux has source-based code and you can't force a binary blob down (usually) and get away with it once the source is already out there.

you could stop the mac and windows users but linux lets users see and modify source code.  the vendor can't threaten linux users.  they probably knew this and so they (apparently) decided there was ONE 'fix' for all os's.  and I use the word 'fix' in the most non-literal sense.

then again, a linux driver update to ftdi_sio.[ch] may be coming soon that allows the 0000 pid.
 


Offline mgaffigan

  • Newbie
  • Posts: 2
Re: FTDI driver kills fake FTDI FT232??
« Reply #281 on: October 23, 2014, 01:47:54 PM »
I think the missed opportunity here is a license available for the low, low cost of $5 to continue using a counterfeit device...

Perhaps it's a break, then fix sort of thing.

how would that work on linux?  linux has source-based code and you can't force a binary blob down (usually) and get away with it once the source is already out there.

you could stop the mac and windows users but linux lets users see and modify source code.  the vendor can't threaten linux users.  they probably knew this and so they (apparently) decided there was ONE 'fix' for all os's.  and I use the word 'fix' in the most non-literal sense.

then again, a linux driver update to ftdi_sio.[ch] may be coming soon that allows the 0000 pid.

As you pointed out, the problem isn't on Linux.  I am sure the dev community will catch up to handle the new PID.  The most vocal set of users are those who bought an arduino or some other product which no longer works, and the current bitterness is that the device is not working.  It may be an unpopular opinion, but I do understand their issue with enforcement.  A popup box saying "Your product is counterfeit" doesn't accomplish anything but give the user some search terms to find a non-detecting version of the driver. 

Imagine instead of just bricking the device, you received a popup saying "Your product is counterfeit, please contact the manufacturer for RMA or purchase a license from FTDIStore.com."  You'd still be annoyed, but you'd probably pay the $5 so that you can continue using the $30 device.

That way, the OEM still is forced to purchase genuine parts, the user can continue using their device, and FTDI still gets revenue from a missed sale.
« Last Edit: October 23, 2014, 01:50:32 PM by mgaffigan »
 

Offline nitro2k01

  • Frequent Contributor
  • **
  • Posts: 837
  • Country: 00
Re: FTDI driver kills fake FTDI FT232??
« Reply #282 on: October 23, 2014, 01:54:38 PM »
In which case it would be an easy matter to do a search in the driver for that serial number and  mask it out.
The driver is signed, if you change anything it will not work again.
That's easy to bypass pretty easily if you're willing. (Assuming you're talking about Windows' signing and not some extra, homebrew signing by FTDI.)
Whoa! How the hell did Dave know that Bob is my uncle? Amazing!
 

Offline amyk

  • Super Contributor
  • ***
  • Posts: 4376
Re: FTDI driver kills fake FTDI FT232??
« Reply #283 on: October 23, 2014, 01:57:02 PM »


In which case it would be an easy matter to do a search in the driver for that serial number and  mask it out.

The driver is signed, if you change anything it will not work again.
Quite naturally, there's a patch to disable that too, or resign with your own certificate (which you've installed as a trusted root.)
 

Offline linux-works

  • Super Contributor
  • ***
  • Posts: 1755
  • Country: us
    • netstuff
Re: FTDI driver kills fake FTDI FT232??
« Reply #284 on: October 23, 2014, 01:59:45 PM »

Imagine instead of just bricking the device, you received a popup saying "Your product is counterfeit, please contact the manufacturer for RMA or purchase a license from FTDIStore.com."  You'd still be annoyed, but you'd probably pay the $5 so that you can continue using the $30 device.

That way, the OEM still is forced to purchase genuine parts, the user can continue using their device, and FTDI still gets revenue from a missed sale.

that would be the proper and ethical thing to do.

sadly, ftdi jumped before they thought it all out and we're now left with a meltdown.  will they double-down on their derp or will they change their stance and pull the damaging driver back and use a popup, like you (and others) have suggested?  my bet is that they will not budge and only if they are sued will they change their tune.  companies are like that, these days; they never want to admit that a decision they made was horribly wrong ;(
 

Offline Vgkid

  • Super Contributor
  • ***
  • Posts: 1655
  • Country: us
Re: FTDI driver kills fake FTDI FT232??
« Reply #285 on: October 23, 2014, 02:02:33 PM »
This was only a couple of pages yesterday, now it is 20+ with over 1K visitors.
 

Offline wilfred

  • Super Contributor
  • ***
  • Posts: 3039
  • Country: au
Re: FTDI driver kills fake FTDI FT232??
« Reply #286 on: October 23, 2014, 02:07:19 PM »
FYI KPR8 has been sent to the sin bin.

Wow, 1400 guests viewing this thread!

You got the forum server fixed just in time.

I am not entirely sure Dave didn't "engineer" this thread himself.  >:D
It's too much of a coincidence.
 

Offline Knuckx

  • Contributor
  • Posts: 7
Re: FTDI driver kills fake FTDI FT232??
« Reply #287 on: October 23, 2014, 02:08:14 PM »


In which case it would be an easy matter to do a search in the driver for that serial number and  mask it out.

The driver is signed, if you change anything it will not work again.
Quite naturally, there's a patch to disable that too, or resign with your own certificate (which you've installed as a trusted root.)

A Kernel Boot Configuration Option exists to disable signature checking, called TESTSIGNING.
You can't resign *that* easily though, as the system trusted root doesn't cover kernelmode, only things with a Microsoft cert somewhere in the certs chain of trust are trusted in kernelmode.

As for what FTDI should have done, I would have been happy enough if the driver just refused to start on a fake device with a Code 10 in device manager: "The device cannot start".
 

Offline Zeta

  • Contributor
  • Posts: 49
Re: FTDI driver kills fake FTDI FT232??
« Reply #288 on: October 23, 2014, 02:14:46 PM »
I'm wondering are these fools blaming FTDI are actually real users? or are they just trols paid by fake ICs manufacturers? it was entertaining to read the posts but come on they can't be real.

Why would you blame FTDI if you are an legit user who unknowingly bought a device containing a counterfeit IC, contact your vendor (he is the one to blame) and ask for a refund or a product change. If they knew those where cointerfeit ICs its their fault if they didn't know they will sue their providers and will make sure they buy the real thing next time it is still their fault.

Just a reminder: buying or selling counterfeit products is illegal and ipholder has the right and duty to make the counterfeit product destroyed (remember when sparkfun cried when they had to pay to have their fake flukes destroyed?)
 

Offline nsayer

  • Regular Contributor
  • *
  • Posts: 133
  • Country: us
    • Geppetto Elecronics
Re: FTDI driver kills fake FTDI FT232??
« Reply #289 on: October 23, 2014, 02:21:56 PM »
I'm wondering are these fools blaming FTDI are actually real users? or are they just trols paid by fake ICs manufacturers? it was entertaining to read the posts but come on they can't be real.

I'm wondering are these fools defending FTDI are actually real users? or are they just trols paid by FTDI? It was entertaining to read the posts but come on they can't be real.


God, it was actually physically painful to type with such bad grammar.
Buy my stuff!! It's not at all terrible!! http://tindie.geppettoelectronics.com/
 

Offline akshaykirti

  • Contributor
  • Posts: 18
Re: FTDI driver kills fake FTDI FT232??
« Reply #290 on: October 23, 2014, 02:28:31 PM »
Oh crap. I bought a rs232 TTL converter from adafruit and it had the same exact issue. The PID used to reset to 0000.

I had to modify the windows ftdi inf files to include 0000 and then boot in unsigned mode to Install the driver. Now it works fine on the normal windows mode.. We were on a tight timeline so couldn't really get a new one.

However if I change the PID to anything via their ftdi eeprom utility it changes it back to 0000 the next time it is plugged in. Had a long forum conversation with adafruit and they didn't want to believe me. Finally they refunded me the money on good faith I guess.

Link to the adafruit forum post. https://forums.adafruit.com/viewtopic.php?f=19&t=60807

p.S Typing on a tablet: please forgive any errors.
 

Offline marcan

  • Regular Contributor
  • *
  • Posts: 79
  • If it ain't broke I'll fix it anyway.
    • My blog
Re: FTDI driver kills fake FTDI FT232??
« Reply #291 on: October 23, 2014, 02:31:05 PM »
In case anyone was still wondering if this is intentional and malicious...



Straight out of their driver. Function/variable naming and comments mine.

Edit: Ooooh this is cleverer than I thought. So what's going on is that on real FT232RLs, the EEPROM is written in 32-bit units: writes to even addresses are buffered, and writes to odd addresses write 32 bits at once: the buffered 16 bits, and the supplied 16 bits. So, on a real FT232RL, this code does nothing; it just buffers 16 bits then buffers another 16 bits and no writes are issued. On a clone FT232RL, this writes the PID to 0 (breaking the checksum) and writes not the checksum, but the value required to make the existing checksum match to address 62. In combination, these two writes make the checksum at address 63 valid again (without modifying it). I've updated the image above with the new analysis.

Edit 2: Note that the EEPROM write commands are legitimate (and necessary - but not sufficient - when writing the full EEPROM of an original FT232RL), and indeed I think they would work on (i.e. also brick) other FTDI devices with external EEPROMs (the code that calls this function is very careful to only do so after detecting an FT232RL, legit or not). What seems to have happened here is that, when FTDI switched to an internal EEPROM on the FT232RL, they decided to switch to a 32-bit EEPROM (you can actually see the 32×40 bit array in this die shot by Zeptobars). However, they kept the existing 16-bit-at-a-time commands, but instead decided to buffer one and write only when the chip has accumulated a full 32 bits. This keeps the PC side the same across their entire chip range. The clones just emulate the established interface in the logical and obvious way, issuing 16-bit writes, since presumably nobody checked that a real device doesn't respond like that since usually the entire EEPROM is written at once. FTDI realized that this difference of implementation existed, and is exploiting it here by carefully crafting a routine that has no effect on the original device, but bricks clones (and would likely brick legitimate non-232RL FTDI chips too!).

In a way, the clones actually implement FTDI's command interface better than FTDI themselves - and FTDI is exploiting this to brick them.
« Last Edit: October 23, 2014, 11:10:39 PM by marcan »
 

Offline Rasz

  • Super Contributor
  • ***
  • Posts: 1520
  • Country: 00
    • My random blog.
Re: FTDI driver kills fake FTDI FT232??
« Reply #292 on: October 23, 2014, 02:32:29 PM »
what wrong did I do by buying a device on amazon, fully believing that the items there won't be ebay-style fakes?
how is it right, in your view, to punish ME for this?

I heard that one before, from a guy trying to smuggle elephant ivory

At least if I design a .. Prolific...  part into my product, it's less likely to get wrecked by malware.

you seem to missed the memo on prolific driver bsoding on purpose when it detects fake chip
« Last Edit: October 23, 2014, 02:35:44 PM by Rasz »
Who logs in to gdm? Not I, said the duck.
My fireplace is on fire, but in all the wrong places.
 

Offline kwallen

  • Contributor
  • Posts: 26
  • Country: 00
Re: FTDI driver kills fake FTDI FT232??
« Reply #293 on: October 23, 2014, 02:39:18 PM »
Oh crap. I bought a rs232 TTL converter from adafruit and it had the same exact issue. The PID used to reset to 0000.

Might want to contact them about that, they have a statement on their website at the moment saying all of theirs are genuine.

Hackaday and EEVblog are reporting that the latest Windows update that include FTDI drivers brick any counterfeit FTDI chips. Adafruit requires it suppliers to only use genuine FTDI chips. However, no matter what it’s always possible counterfeit chips could be used when you purchase products from anyone, anywhere. We’re double and triple checking all our products and suppliers as an added precaution.
« Last Edit: October 23, 2014, 02:41:57 PM by kwallen »
 

Offline Knuckx

  • Contributor
  • Posts: 7
Re: FTDI driver kills fake FTDI FT232??
« Reply #294 on: October 23, 2014, 02:44:10 PM »
In case anyone was still wondering if this is intentional and malicious...



Straight out of their driver. Function/variable naming and comments mine.

So it relies on a quirk of the EEPROM handling of the fakes. I suspect this will turn into a game of cat and mouse if FTDI continue...

what wrong did I do by buying a device on amazon, fully believing that the items there won't be ebay-style fakes?
how is it right, in your view, to punish ME for this?

I heard that one before, from a guy trying to smuggle elephant ivory

At least if I design a .. Prolific...  part into my product, it's less likely to get wrecked by malware.

you seem to missed the memo on prolific driver bsoding on purpose when it detects fake chip
True, but it still doesn't semi-brick your device when it does this...

USB-CDC should be standard by now; surely some cheap chinese chip consortium could spend some time rolling a cheap CDC chip for the masses?
 

Offline nsayer

  • Regular Contributor
  • *
  • Posts: 133
  • Country: us
    • Geppetto Elecronics
Re: FTDI driver kills fake FTDI FT232??
« Reply #295 on: October 23, 2014, 02:54:57 PM »
Arduino switched to using a USB equipped ATMega for their USB-to-serial needs.

I think the best response from the outraged community would be an open-sourced FT232RL emulator sketch for ATMel (or similar) micro controllers. It should, of course, be complete with an "#ifdef PROTECT_PID" code block that works around this nonsense.
Buy my stuff!! It's not at all terrible!! http://tindie.geppettoelectronics.com/
 

Offline akshaykirti

  • Contributor
  • Posts: 18
Re: FTDI driver kills fake FTDI FT232??
« Reply #296 on: October 23, 2014, 03:00:43 PM »
Oh crap. I bought a rs232 TTL converter from adafruit and it had the same exact issue. The PID used to reset to 0000.

Might want to contact them about that, they have a statement on their website at the moment saying all of theirs are genuine.

Hackaday and EEVblog are reporting that the latest Windows update that include FTDI drivers brick any counterfeit FTDI chips. Adafruit requires it suppliers to only use genuine FTDI chips. However, no matter what it’s always possible counterfeit chips could be used when you purchase products from anyone, anywhere. We’re double and triple checking all our products and suppliers as an added precaution.

Just did. Linked them to hackaday. Wow, I wasted almost 2 hrs that day fixing this stupid issue.
 

Offline akshaykirti

  • Contributor
  • Posts: 18
Re: FTDI driver kills fake FTDI FT232??
« Reply #297 on: October 23, 2014, 03:12:36 PM »
Looks like adafruit removed the product I bought with the fake chip. Great!

https://forums.adafruit.com/viewtopic.php?f=19&t=60807
 

Online zapta

  • Super Contributor
  • ***
  • Posts: 5470
  • Country: us
Re: FTDI driver kills fake FTDI FT232??
« Reply #298 on: October 23, 2014, 03:23:38 PM »
what wrong did I do by buying a device on amazon, fully believing that the items there won't be ebay-style fakes?
how is it right, in your view, to punish ME for this?

I heard that one before, from a guy trying to smuggle elephant ivory

What did he use the FTDI IC for?
Live and let live.
 

Offline (*steve*)

  • Contributor
  • Posts: 35
Re: FTDI driver kills fake FTDI FT232??
« Reply #299 on: October 23, 2014, 03:28:47 PM »
What did he use the FTDI IC for?

That's the whole point.  He used a fake chip... or a fake elephant.  Or something.  Or the real elephant came back and trampled the fake ivory because it wasn't real.

You see?

 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf

 

PCB Only $10 and 2-3days’ delivery - PCBWay !!!