FTDI driver kills fake FTDI FT232??

[medical-nerd]

Hiya

I'm not saying that I'm a computer expert, and a hobbyist experimenter is an end-user albeit with a little more knowledge.
By design an arduino board is supposed to be used by people with little electronic/computer knowledge - if FTDI bricks these boards bought by 'clueless' individuals not realising that an arduino clone may contain susceptibilities to this (including myself) then they are doing a disservice to a wide range of people.

My aim in posting was to demonstrate that if my devices were bricked then I wouldn't normally have a clue as to why my equipment wasn't working. It is only because I regularly look at hackaday that I became aware of this issue and through them discovered this very interesting forum.

I agree with all you say Richard except that I buy a device and use it - how then am I not an end user? I was only demonstrating that a fortuitous coincidence made me  aware of this issue before it may have affected me. I can't think of anyone I know that would have a clue.

I only wish I had time to live in a world of my own little workbench!! 

Cheers to everyone. 

[Strube09]

It makes you(me) afraid to plug in things to my computer... Like my Golf GPS that I update regularly. It would suck if i couldn't update it anymore.... Silicon Labs USB chips for my designs going forward!

[HackedFridgeMagnet]

Just wondering, is anyone going to name the manufacturers or distributors that they have recently found to have supplied fake (not clone) FTDI components instead of what was specified? 
Has it happened?
It might be worth working out what else is wrong in the supply chain.

[a210210200]

Here is a real live example of the problem that FTDI now faces. I wish to purchase a GPS module for a project and I have two choices, the cheapest unit includes in the manual the instruction "download the latest USB driver from www.ftdichip.com/FTDrivers.htm". A slightly more expensive device uses a driver specifically written for the module concerned.

I have purchased the more expensive product, the FTDI brand is now poisoned.

The opposite is true. How long do you think a GPS module which immediately bricks itself and gets returned for refund is going to remain on the market? Probably already and certainly in the future something which claims to use an FTDI chip will very likely have a genuine FTDI chip while things that don't are more likely to have a fake or clone chip of unknown quality and origin.

I am now even more likely to choose a device using an FTDI chip because I will take it as an indication of quality - as it ever was.

Good luck with that... That has to be the more twisted thinking i've seen so far in this Topic.

You're not understanding that as long as margins allow counterfeiters to emulate a chip and win some money, they will just get better at emulating the original chip behaviour, even the glitches of it (like the one used in the current attack). At the end it will be almost impossible to detect a counterfeit from an original, even for FTDI itself. FTDI could launch a new model with security added, but they must mantain support for all the current models, which lack of it and will be always target of counterfeiters.

As simple as i see it is, i think, as simple as (almost all) people see it: you just can't buy or design nothing with a FTDI device on it. As simple as that.

Technically that is going to be true for any chip like and FT232RL counterfeiters will just move on if you move on or better yet they will have fakes for everything (probably already do have it for most relatively simple common parts). The only sure fire way to detect the fakes is to look at the die itself. But making the mechanical outer physical package identical is actually harder than it sounds given that counterfeiters typically don't bother with too much quality control or tolerance controls.

No bug based driver based detection is going to last because now that the secret is very openly revealed it will be easy for them to close that detection route. Just like no amount of DRM works. But there is an out that works on physical products things like counterfeit drugs exist yet there are many very difficult to defeat even if they know the detection system exists. Just using something like a high end laser engraver or doing something a bit odd with the package that makes it difficult to physically copy without the same equipment is basically how money is made counterfeit resistant. If the go along the route of adding very large serial number storage then they could provide strong cryptographically signed and static serials that could be verified like an intel CPU or SSD in addition to just looking at the chip's physical marking/package.

Once you start looking at the difference in laser/printed, injection mold marks, plastic types, surface finishes, lead texture, and so on are very difficult to hide a counterfeit copy unless they are being taking off the official production line. A 10x jewelers loupe is what I use to inspect parts in this manner and they are cheap, batteryless, and tiny. And work well in both part and board inspections for on the spot quality grading/detection of abnormalities. (You just need to practice a bit before you can do it quickly and well) This is all about QC/QA on the mfg side of course.

I still have and sparkfun reported that they have a whole pile of designs with FTDI parts in them and it isn't worth the effort to remove FTDI chips out of the fear of getting fakes with proper QA are not in the product stream (I verified my stocks when I got them, and Sparkfun reports they do the same as well), I've even checked the die of a sample real FTDI chip at home with nothing more than fire and a scanner in 5 minutes flat and it matches the known real die shots (my die image quality is crappy but its clear enough).

FTDI is just doing the whole not listening to customers or people who are willing to help thing and it is really biting them back hard. (People provided info to FTDI directly on counterfeits detected in market and FTDI never really listened at all, they recommended a more verbose warning driver and tools to help others detect but then the PID altering driver came and it basically blew up in FTDI's face) Had they engaged the community which is perfectly willing to help root out illegal counterfeiting it would have been a different story.

[a210210200]

Here is a real live example of the problem that FTDI now faces. I wish to purchase a GPS module for a project and I have two choices, the cheapest unit includes in the manual the instruction "download the latest USB driver from www.ftdichip.com/FTDrivers.htm". A slightly more expensive device uses a driver specifically written for the module concerned.

I have purchased the more expensive product, the FTDI brand is now poisoned.

The opposite is true. How long do you think a GPS module which immediately bricks itself and gets returned for refund is going to remain on the market? Probably already and certainly in the future something which claims to use an FTDI chip will very likely have a genuine FTDI chip while things that don't are more likely to have a fake or clone chip of unknown quality and origin.

I am now even more likely to choose a device using an FTDI chip because I will take it as an indication of quality - as it ever was.

In an ideal world maybe. The functional equivalent chips which are rolling of the production line as we type are already resillient against FTDI's bricking algorithme so now FTDI has to devise another way to make their driver not wanting to talk to functional equivalents. This cycle will repeat until the FTDI drivers will produce false positives for  devices with genuine FTDI chips inside. Do you want to take that risk? FTDI has proven to willingly move into grey areas so their algorithms to detect functional equivalents will probably be geared towards 'fake when in doubt' instead of the other way around.
As long as there is money to be made there will be functional equivalents.

This logic is applicable to all types of items counterfeiting will exist and will always try to evade measures against it. That doesn't mean there should not be any barrier for it. I'd go for more physical counterfeiting protections because those are actually much harder to duplicate well enough to pass off as a real thing and is requires no computer to check/verify.

Even if the new chips don't get detected by the driver they probably still use the exact same markings and physical package. Which is readily identifiable as a fake. FTDI is barking up the wrong tree by trying to use a easily bypassed driver. (Which people have completely reverse engineered to show exactly what it does)(With physical changes even if you know what the ideal is it may either be too expensive or just not attainable by a counterfeiter.)

Economically speaking computer chips by weight are extremely high value products and arguably do require extensive control throughout the supply chain (from end to end to prevent tampering).

[a210210200]

As simple as i see it is, i think, as simple as (almost all) people see it: you just can't buy or design nothing with a FTDI device on it. As simple as that.

So when you ship product built with fake crap of unknown quality and origin you would rather there was less risk of the customer finding out. Thanks for confirming that and that I should continue to consider use of FTDI chips as an indication of quality.

If there are FTDI counterfeit chips in the world (and there are), and we should blame someone, that would be FTDI:

* Their products have been always more expensive that others similar. This allowed counterfeiters the luxury of designing a counterfeit part based in a microcontroller;
* Zero security. Even the counterfeit parts look sharper and with better laser printing.
 
I'm not in favour of conterfeiting. I create IP too and would hate to see it stolen. But i know in what world were're living, so i make just the opossite as FTDI: my profit margin is moderate to discourage conterfeits, and my designs are heavily loaded with security measures. If they get counterfeited, i would hate it, as i said, but I WOULD NEVER TAKE IT AGAINST MY CUSTOMERS. NEVER. I could never do that. I know doing it would be the perfect recipe for company suicide (as Dave said in his video).

Not that simple, the fakes do not have "better" markings than FTDI because that is not possible (FTDI's own markings by definition would be the "perfect" markings to have). A chip that has anything different than the original would not be original. Say if the chips came with top quality thick dipped gold plated leads which never exists in an official product line it would be a dead giveaway. (Also the FTDI FT232 fakes do not appear to have laser engraving look at the reports and die shots the fakes look visibly different on the package level and the die shots confirm that they are fakes)

Fakes can be blamed on counterfeiters trying to contaminate supply chains and catching unaware mfg's that do no QA on their materials and people who actually do seek out the mfg products with fake parts to pass them off as superior products with fake branded parts. So not 100% of the blame can be placed on pricing your product too high. (It probably is one of many factors)

FTDI should have listened and worked with mfg/suppliers/developers instead of surprising everyone with look were going to "fix it" by not fixing anything at all and making just making people angry/incensed. Counterfeiting is a complex problem which no simple/single solution exists.

 

[C]

How many WRONGS make something RIGHT?

Some countries have Laws saying that they can take a kids money because it's counterfeit.
Is that a Right or a Wrong.
I hear some countries actually care. The kid would be told to take it to a bank and be asked were the kid got the bill when the bank replaced it.
A lot of harm here.
The bank was harmed even it the country replaced the counterfeit, Time and Reports. 
The Kid also was harmed due to the time and hassle of getting to the bank.
At least you can say that the country that replaces the bill is trying to do the right thing. The country is paying for it's bill that were to easy to copy and pass.

Way back Compaq and others made a IBM compatible computer. Some of the others lost in court but Compaq won in court. Some users ran IBM software on their Compaq. I have not ever heard of a case of IBM intending to cause harm to a Compaq computer. I have heard of IBM going way out of the way Not to harm a computable. While I am no fan of IBM, they did not do more wrongs, IBM actually tried to prevent any possible harm.
note also that IBM tried to regain the control with the PS2

Which resulted in more copied to the PC Computable

In my pile of Old keyboards I probably still have one that has a config switch that changes it from being XT compatible to PS2 Compatible. Some do not have all the different modes that a real IBM keyboard has but the other modes were not used with a PC compatible. So here you have something IBM did not do( the config switch ) and a known poor copy ( missing other modes ).

Some are saying VID/PID is proof that it's a clone. Sorry not buying that C***. It's a very big world out there and anyone can program those. FTDI's own chips show that they can be reprogrammed many times to different VID/PID's. And it may not be using any of FTDI's software when done if not on windows.

What really makes it worse is that FTDI did not go after everyone using their driver in their lie. They targeted the little guy, the ones most likely to say it broke and buy a replacement. They even hid the fact that they thought that they zapped a clone or fake.

So far I see the following
1. Chips with FTDI LOGO on them. Yes if not made by FTDI nail them with a Copyright law, but you do not know this just by looking and if it's in something you can's see it!

2. Internal scans of what could be a legal clean room clone. May or not be legal. I see no right for FTDI to damage or change it. Where did this chip maker grant this right to FTDI. If this chip works like FTDI's then it is most likely that the outfit that programmed it later put in the VID/PID not the chip MFR. If there is no chip test when FTDI's software chip programmer ran then, they just zapped an end user that FTDI's software put on the VID/PID in question!!!

What is so hard about dumping out a copyright message out on both the USB side and the Serial side. The chip already has flash memory, One time programmable flash memory is common. Yes the clone makers may copy this also, but they could also add a crypt  code number that only FTDI could decode.
   

C

[nctnico]

This cycle will repeat until the FTDI drivers will produce false positives for  devices with genuine FTDI chips inside. Do you want to take that risk? FTDI has proven to willingly move into grey areas so their algorithms to detect functional equivalents will probably be geared towards 'fake when in doubt' instead of the other way around.
As long as there is money to be made there will be functional equivalents.

This logic is applicable to all types of items counterfeiting will exist and will always try to evade measures against it. That doesn't mean there should not be any barrier for it. I'd go for more physical counterfeiting protections because those are actually much harder to duplicate well enough to pass off as a real thing and is requires no computer to check/verify.

Putting more effort into copy protection will raise the prices of the chips even more and make it more lucrative to make functional equivalents. Worse it may have the legitimate users jump through hoops (just like with media and software). If you want to lock the market into your standard you have to allow for a certain amount of copying. Just look at how every major software package got popular.

@C: Adding a crypt code isn't going to work for a Linux driver or forces FTDI to provide a pre-compiled module for every kernel version and platform. And even then it will take only a few days to reverse engineer.

[a210210200]

This cycle will repeat until the FTDI drivers will produce false positives for  devices with genuine FTDI chips inside. Do you want to take that risk? FTDI has proven to willingly move into grey areas so their algorithms to detect functional equivalents will probably be geared towards 'fake when in doubt' instead of the other way around.
As long as there is money to be made there will be functional equivalents.

This logic is applicable to all types of items counterfeiting will exist and will always try to evade measures against it. That doesn't mean there should not be any barrier for it. I'd go for more physical counterfeiting protections because those are actually much harder to duplicate well enough to pass off as a real thing and is requires no computer to check/verify.

Putting more effort into copy protection will raise the prices of the chips even more and make it more lucrative to make functional equivalents. Worse it may have the legitimate users jump throughs hoops (just like with media and software). If you want to lock the market into your standard you have to allow for a certain amount of copying. Just look at how every major software package got popular.

I don't think you understand certain physical measure can be implemented at little cost and be simultaneously very hard to duplicate perfectly. For example sealing a letter with a wax seal sounds like a cheap archaic solution but with careful visual inspection it can be almost impossible to tamper with the seal. Similar with physical modifications like slightly modified injection mold dies with intentional micro-defects in the chip packaging machines or using a unique (not revealed) plastic mix that results in a unique texture that is almost impossible to duplicate without industrial espionage and long extended amounts of materials science efforts just to duplicate a part identically.

You seem to be missing my point of not using software DRM but just good old physical see/touch measures which can be extremely hard to perfect (and most counterfeiters won't go through the effort and will just get to close enough match which allows for simple visual inspection)

[a210210200]

There are different use-cases and different business models that have different levels of risk for each type of part that you buy.

I suppose for a hobbyist, or for a small shop that builds their own devices, it is simple enough to make sure that only genuine FTDI devices are installed in the end product.

For a larger concern where devices are built in very large quantity, it is highly probable that the assembly will occur in China, as [for the moment] they are the undisputed kings of doing things for less money.  In this case, you are putting your trust in a large off-shore company that is [in turn] putting their trust in large off-shore distributors and brokers.  In this use-case, there are multiple opportunities for counterfeit parts to end up in the final product.

China is not just for rock bottom quality mfg. They certainly do offer rock bottom fake mfg's. But they also do work for countless top tier firms and almost everything comes with something from China. Trust with a third party must be established and there are quality standards which many reputable China based firms follow and arguably since many genuine devices are made directly in China it has a shorter supply chain which done correctly is easier to protect than transporting products from China through countless distributors and so on. Since China is such a major mfg hub every major chip maker is going to be sending direct shipments for large production runs and with the right controls you can do something called quality assurance to make sure that your rejecting anything that might even be remotely suspect as either damaged/tampered with/stored in the very wrong conditions/replaced with counterfeits/...

Large scale quality manufacturers do not just fire and forget with outsourcing not even quality small/med volume people will do proper QA/QC pre-production/batch samples/... to verify that everything is working properly. Once you go to the rock bottom sells direct to ebay then most bets are off as there is reason why the prices are so good. (no QA/QC, fakes abound, random specs, no support, ...)(Which also has its purposes when your doing a do not care project that is basically disposable)

(Some companies even open plants themselves to have total control over the entire process and just attempt to take advantage of the local job market)

Very large companies would have engineers all over china and their own local RnD offices to build better ties in China which both reduces the time lag for development and quality control it also give the company a local presence so that they can send people regularly to check on mfg and processes continously.

Counterfeit parts are the "dark side" of the electronics business, and they have always been "out there".  I get the impression that the number of incidences are increasing.  There are different types of counterfeit parts-- some of them are just a package, with no die inside-- and you discover the problem rather quickly during final testing.  These boards can be re-worked at the factory, and this is expensive.  The next level of counterfeit parts do have some silicon in them, but it is not genuine, and they only seek to pass incoming QA long enough to get their paycheck.  This type of part is dangerous, because it can actually end up in the hands of the final end-user before it fails in some way [and that can be a spectacular failure].  This is really quite evil, because the end-user places the blame on the manufacturer, and it damages their reputation and brand.  [This is the level of the current FTDI situation].  The third type of counterfeit part is one that duplicates the original part so well that no one can tell them from the real-deal.  This is still a problem, because some of these parts are used in semi-critical electronics, where a failure can damage something or harm someone-- and the real parts were supposed to be properly [and expensively] qualified for this service-- but since this qualification work was not done on the counterfeit, it is at least possible that something bad could happen.  [This has already happened on multiple occasions in medical and military electronics, and continues to be a problem today].

Hold on there, catching a totally non-functional chip at final inspection? If you receive a batch of parts you should test at least one in the entire shipment or better yet test randomly during production to make sure the stock being used is both the correct chip, stored correctly, works, not a fake, ... (It would save a ton of time/money to do random incoming testing instead of relying solely on final inspection which if something like totally off spec parts somehow get used your going to be in a world of hurt)

Detecting fake ICs and in larger runs doing careful visual inspections or if your paranoid die inspections of samples is pretty critical as well. (All it takes is one sample to find a whole lot of fakes and it isn't exactly hard to do)

The US military is having problems with fake chips/parts because they even admit not doing the basics things like buying form a their own qualified vendors? (What are they buying stuff of ebay or something equivalent, it is no wonder they are getting fakes) Or doing things like inspecting for signs of previous use or wear and tear that makes modules/components obviously not new as sold. (They seem to only find this out at final inspection after the parts are put in) That is a clear sign the US military has completely garbage QA/QC processes that are so slow by the time they find out something went wrong its already flying around (hopefully).

China operates on a buyer beware market and if you actually think about it detecting suspect parts is a joke and starts with who you buy something from and what it physically looks like in front of you. You buy a "new" frequency synthesizer for your missile system do you A) install the part ignoring the massive signs of previous use and age, B) say hey this thing looks beat up and old, I'm filing a dispute on Ali-express..........

The counterfeiters appear to be motivated by money.  The more money there is to be made, then the more likely that the part will be a target.  The FTDI parts have a rather high margin when compared to other similar parts from other companies, and at the same time they [at least up until now] enjoyed a good reputation and had a lot of design-ins despite the higher price.  These two things combined made it almost a guarantee that counterfeiters [and otherwise legitimate clone makers] would copy this product.

I think it is pretty obvious companies (counterfeiting or not) are motivated by money. China is probably more capitalistic free market do anything you want as long as you can pay for it than most countries. High margins are only one aspect of being targeted by counterfeiters. They are happy to enter even low margin or no margin markets because their costs can be so low that they can still get massive margins or trick banks into making them money for themselves. Basic commodities have been subject to counterfeiting and adulteration as well. (things like sugar, milk powder, meats, plastics, metals, wire, paint, toys, concrete, steel, ..., ...) But as I said earlier if you know what your doing you can get both cheaper/high volume/high quality stuff from china.

[a210210200]

Does it show up as an FT232R in the device manager on windows with no driver found error? If it doesn't enumerate (as in be detected not fully work) at all on multiple systems then something else is wrong.

It does enumerate but it's not recognised by the lumibox software anymore.

If windows is giving it a driver then something else is wrong as the PID change will break plug-in play driver detection making windows think its a non PnP device.

And does it show up as an FT232R instead of USB Serial Port? If it does show up as FT232R try following these steps to see if that might help, https://www.eevblog.com/forum/reviews/what-should-ftdi%27s-next-driver-update-look-like/msg541025/#msg541025

[nctnico]

Putting more effort into copy protection will raise the prices of the chips even more and make it more lucrative to make functional equivalents. Worse it may have the legitimate users jump throughs hoops (just like with media and software). If you want to lock the market into your standard you have to allow for a certain amount of copying. Just look at how every major software package got popular.

I don't think you understand certain physical measure can be implemented at little cost and be simultaneously very hard to duplicate perfectly. For example sealing a letter with a wax seal sounds like a cheap archaic solution

Think about counterfeit money. The end user can't tell real from fake so basically is screwed and the counterfeiter still goes free.
Actually the markings on the FTDI chips and the functionally equivalents are not the same and that doesn't stop the non-geniune chips from ending up on circuits. IOW: the method you propose has already failed. Your logic about the supply lines is also flawd as pointed out by others. All what is needed are some forged documents to make counterfeit components enter the supply chain without people noticing.

[a210210200]

Putting more effort into copy protection will raise the prices of the chips even more and make it more lucrative to make functional equivalents. Worse it may have the legitimate users jump throughs hoops (just like with media and software). If you want to lock the market into your standard you have to allow for a certain amount of copying. Just look at how every major software package got popular.

I don't think you understand certain physical measure can be implemented at little cost and be simultaneously very hard to duplicate perfectly. For example sealing a letter with a wax seal sounds like a cheap archaic solution

Think about counterfeit money. The end user can't tell real from fake so basically is screwed and the counterfeiter still goes free.
Actually the markings on the FTDI chips and the functionally equivalents are not the same and that doesn't stop the non-geniune chips from ending up on circuits. IOW: the method you propose has already failed. Your logic about the supply lines is also flawd as pointed out by others. All what is needed are some forged documents to make counterfeit components enter the supply chain without people noticing.

Counterfeit money in Canada is pretty hard to do with our multicolor plastic money which has a unique texture, transparency, shiny stuff, ...

Yes counterfeiters have and do still make fake money, even with the new plastic notes, but it isn't undetectable to the naked eye. The entire point is not making it impossible to make a good copy but to make it very very hard to make a perfect copy so that the costs doesn't make sense to the counterfeiter.

In Canada it is not paying attention to the currency which is causing problems because people blindly think it is impossible to copy which is dumb because the whole point is not to make it impossible to copy but easy enough for a user to see it. And if the user isn't looking for anything they can't see anything. If they believe everything is real then even if it is fake then nothing is going to help them.

Someone handling something like a stack of 100$ bills should at least give it a quick check close up check to see if it is real or not. And that is the objective with chips making it possible to have someone quickly check and detect the difference.

And with large manufacturers you can be talking about many many times 100$ and if it takes just a little close up visual inspection to tell the difference than that is a success. And if you add an online verification (banks probably check the serial numbers on notes) people could ask FTDI if a chip is real.

Computer components even have problems with massive thefts and companies have entire databases for the serial number status of every last processor, hard driver, memory, ... and adding verification services that the chip is not stolen, discarded, fake would add confidence to customers without affecting end users.

It is about creating a barrier to mitigate and minimize the effects of a fakes. Consider a currency which was printed on plain paper and with a standard windows font, no serialization, nothing and just said the value in big numbers. (No security features, or anything) what would happen in that case.

[a210210200]

Hiya folks - first post on forum ever so try to be gentle!!

I would like to give a perspective as an end user.

I have an interest in electronics - hobbyist level and some experience in computers but don't have an operational linux system at the moment - changing distros and hardware and lost my USB sticks again....!!

I don't understand the comments that if something is broken then the user is less than useless if they don't do a google search to see what the problem may be.

My interest is usb-serial devices and an arduino board.
The usb-serial are used for installing/debugging linux and solaris on my sunfire v490 and DL485 servers that I'm playing with.
I also have started to use an arduino mega board. I have absolutely no idea if my items contain clones and would never have suspected this until I followed the Hackaday link to this forum.

As an real end user you have just successfully completed all the necessary steps to be fully equipped to both be aware of the issue and have the resources to deal with it should FTDI's crappy DRM affect you. You do not need linux to resolve this issue, windows works as well.

My comments are about people creating hypothetical end users which make no logical sense as in when prompted by the operating system to do something they instead lock up and enter a human BSOD. You are a perfect example of that not being the case because even without being affected nor having extensive knowledge you have already familiarized yourself extensively with the issue out of self-interest and curiosity.

Some posts here refer to end users as what amounts to completely clueless robots which act in inhuman ways which isn't very nice since everyone is an end user.

If I developed a problem - I would have suspected a configuration problem with the computers and terminal software used and would have spent many hours trying to sort this out - I did initially to get the damn things talking with numerous problems getting the drivers to actually work and software configs.

SO - if a device silently stops working because it has been bricked - the user will naturally concentrate on problems with the items being connected - NOT the connection hardware that has been working previously.

A bricked device completely buggers up a normal end user.

It does not silently stop working, windows asks you to contact the mfg. Which some people seem to think is not possible for an end user but obviously if you don't know what an FT232R would probably search for contact info using that string which would work. Now if you did contact FTDI they would probably tell you off saying your a bad person for having a fake which is horrible customer service but the natural end result (which you already came to even without being affected) is that you both have the solution, knowledge, detection, and workarounds all around you.

On windows you can detect a PID alteration by the loss of plug and play driver installation. Windows will make a USB error tone that sounds like two shortened usb connect sounds in quick succession as well as a task bar info bubble saying driver not found. If you click on the bubble it will tell you that an FT232R has no driver available and you should contact the part manufacturer for a driver.

The fake device still functions just without automatic PnP (plug and play) support due to FTDI being mean and altering the PID to 0000. Follow the windows prompts shown in the guides and you should be fine. (It would be one thing if the device failed silently but this is not the case)

I've tested a mangled PID device my self and it is readily apparent due to window's built in measures even without any searching so you can be assured that on windows if you developed a problem windows will let you know.

And the windows information I'm describing is not a hypothetical, I did real world tests to see how a windows only user experiences this issue. (If you happen to be affected by it the solution is linked a couple times in this thread and resides in the "what should FTDI's next driver look like" thread because people where claiming it was impossible to fix on windows without resorting to linux which is a not correct)

So since becoming aware of this problem I have not connected the devices to any of my computers until I know that it will be safe. When will we know that an updated driver is available that will not potentially brick devices - that is my personal concern.

The FTDI driver version 2.12.0.0 is the driver you do not want to use with a fake device. The driver has been pulled from windows automatic update and FTDI's own site so if your devices are still working fine it should be safe to connect right now. (Safest bet is to not use an updated driver, we don't actually know what FTDI is planning on doing or if it might be buggy or do something insane)(It is actually a safe bet to not update anything for a while as even windows kernel updates for the past month or two have been bricking entire computers)

You can also disable automatic driver downloads if you want total control, http://technet.microsoft.com/en-us/library/cc730606(v=ws.10).aspx

(A bonus of disabling automatic online driver updates is that upon connection drivers will install much faster if windows already has a local copy, with the downside to update drivers you have to download them yourself)(This will protect you against future FTDI windows automatic driver updates as well)

[a210210200]

I would like to give a perspective as an end user.
I have an interest in electronics - hobbyist level and some experience in computers...
I don't understand the comments that if something is broken then the user is less than useless if they don't do a google search to see what the problem may be.

That is NOT the "perspective as an end user".  You are looking at it from the perspective of a hobbyist experimenter.  Granted most people in these forums are hobbyist experimenters, but there are also people out there making commercial products with FTDI chips in them.

If you developed some specialist niche product for sale and had hundreds or thousands of them out there for some vertical market (stamp collectors, or people who make quilts, or whatever) your customers quite possibly have little or no experience with computers beyond using them as a magical appliance.

Now, if their computer got automatically updated (because automatic updates are recommended to protect them against malware) and the new FTDI driver turns out to be malware and bricks their device (because you were unlucky enough to unknowningly use a counterfeit chip), all they know is that their gadget stopped working. They don't have a clue that there is something in there called FTDI (real or counterfeit) and they wouldn't even know that there was anything to Google for or that they could possibly fix it.  And even if they DID do all that, the "fix" is very fiddly and not end-user friendly.

People here seem to live in a world of their own little workbench and never consider that some people develop products for sale to end-users who are NOT computer experts, and never will be.  And we have seen accounts of people ending up with counterfeit chips even when acquired through "official" channels.  Nothing is certain in life but death and taxes.  Getting a genuine chip (of any brand or model) 100% of the time is a foolish pipe-dream.

Everyone is an end user. You have it all mixed up. Hobbyist experimenter or not he uses an FTDI product and is an end user. Anyone using an FTDI product counts as an end user not just hypothetical non-existent users. You know people are people, an end user is an end user being a pro/newbie doesn't change that.

Windows tells them exactly what needs to be done and it is about as user friendly as windows gets since it is all part of the default interface.

People here are people and non-experts are not dumb robots.

Getting a real chip 100% of the time is not a foolish pipe dream it is a easily achievable target. (Some chips don't have any fakes for instance because they are one offs or very low runs that no one even knows about outside the mfg)

[a210210200]

Hiya

I'm not saying that I'm a computer expert, and a hobbyist experimenter is an end-user albeit with a little more knowledge.
By design an arduino board is supposed to be used by people with little electronic/computer knowledge - if FTDI bricks these boards bought by 'clueless' individuals not realising that an arduino clone may contain susceptibilities to this (including myself) then they are doing a disservice to a wide range of people.

My aim in posting was to demonstrate that if my devices were bricked then I wouldn't normally have a clue as to why my equipment wasn't working. It is only because I regularly look at hackaday that I became aware of this issue and through them discovered this very interesting forum.

I agree with all you say Richard except that I buy a device and use it - how then am I not an end user? I was only demonstrating that a fortuitous coincidence made me  aware of this issue before it may have affected me. I can't think of anyone I know that would have a clue.

I only wish I had time to live in a world of my own little workbench!! 

Cheers to everyone. 

I don't understand why everyone isn't an end user if they use something as a finished product. That by definition is an end user and many people here seem to equate end user's with what amounts to a doorknob which is wrong.

FTDI is doing a huge disservice to their own name and reputation because they never worked with the community of end users to root out fakes but instead went it alone and ended up pissing off the entire community and created a PR firestorm. They do have the right to not work with fakes but they are approaching it in all the wrong ways and ended up with a system which looks like a garbage DRM system.

Window's is not silent in telling you what is wrong and it is sensationalistic wording that calls the devices "dead/killed" when they do in fact still work and you just have to install the the device like a printer with bad drivers. This is why FTDI shouldn't have done the PID change because it just hassles end-users instead of telling them directly that they have been scammed and what to do. Even more so FTDI appears to have failed to listen to groups that were technically skilled enough to figure out the fake devices and FTDI never released tools to help trusted mfg/suppliers to check for fakes themselves. To date the only tools to detect a fake chip are non-FTDI official ones and that is all backwards.

[a210210200]

Just wondering, is anyone going to name the manufacturers or distributors that they have recently found to have supplied fake (not clone) FTDI components instead of what was specified? 
Has it happened?
It might be worth working out what else is wrong in the supply chain.

This is what everyone should have been working on but FTDI screwed that all up. If everyone was working towards a positive goal of figuring out where the fakes where instead of the PR storm that FTDI brought upon themselves I'd bet we'd be able to help at least figure some useful information on the counterfeit chips.

Counterfeiting is illegal but FTDI decided to make everyone linch them instead, horrible planning/foresight.

[C]

@C: Adding a crypt code isn't going to work for a Linux driver or forces FTDI to provide a pre-compiled module for every kernel version and platform. And even then it will take only a few days to reverse engineer.

I may have not said that Correct
Print something on the package and you have something legal to fight with. The problem is that you can't see the copyright when inside something.

The crypt code is just something the chip does. for example a Rolling code  like KeeLoq,

On the serial port side only two pins were connected to the arduino the TX & RX. Would be nice to check real or fake. The problem is how do you ask from arduino/AVR. side? I can't see any Async Serial idea working, Just to many unknown's. But you might be able to send a large number of clock cycles and then the chip uses the clock to output the copyright message.  You could probably get the fake side working in a few minutes so far.
Add the output from a KeeLoq transmitter and you have a changing number.
The text of the dumped copyright message anyone can get right, but followed by a KeeLog output?
May have to dump the digital copyright message a few times to get a KeeLog sequence that can be tested. And only the chip MFR can say good or bad.

So Linux or AVR can say yes the two numbers changed, could be ok, Want to know more you have to ask the MFR. and tell them __________.

One problem with crypto is the more you use it the more likely it is to be broken. So limit the number of times you can ask a chip.

C

[TheRevva]

Wow, that philosophy wouldn't last two minutes in a proper customer-support organization. How astonishingly clueless about the end-user support world.

Please elaborate on how you think the entire all industries all fields of work end user support world should work. Does everyone get a personal IT support person standing by their side to guide them through the terribly complex process of pointing, clicking, and typing into this strange box the strange person calls a computer?

Which by the way if you want I can do it for you personally for free online to fix the FTDI PID issues if you have any. In IT support if the person is at an ends of their ability then yes people take over but you shouldn't hand hold 100% of the time and must adapt to the situation and person your talking to. For an IT group fixing things like this is peanuts compared to a bad windows update that wasn't caught in deployment testing which can cause many more problems.

I LOVE this thread!!!  I have to 'disappear' from the net for a weekend due to a 'far more important' hobby of mine (drag racing)...  Not only do I come back to find another whole BATCH of politically induced BULLSHIT from 'the paid troll', I also had to waste several HOURS 'fixing' the data-logger connectivity of several VERY high end drag racers (who now consider me to be an absolute 'I.T. deity'...  Go figure!!!).  Naturally, after having remedied their issues, I explained (impartially? Yeah right, they KNOW me better than that!!!) the reasons why their time proven systems had suddenly turned into custard.  The 'news' spread through the venue like an Santa Ana bushfire and they all want me to build them a new USB-RS232C cable that will take the big FTDI question totally out of the equation!  Even the Top Fuellers who already had GENUINE FTDI chips in their systems.....  (Racepak and RPM seem to supply a 'custom' VID / PID on their FTDI equipped cables as do many others).  It's simply not worth them 'risking' a $200k motor on some NASTY $20 cable!
I probably SHOULD be thanking FTDI for the extra business, but in reality, I am NOT an EE...  I just 'hit keys' and electronics is merely a hobby.
Perhaps FTDI needs to mix a bit more Ammonium Nitrate into their Nitromethane next time so they can 'go out in style'....  OKLAHOMA style...
Anyway, I have a bunch more in this thread (from the 'paid trolls')....  Might be more posts from me real soon

[Monkeh]

CP21xx can offer the same functionality with reduced cost

Where's my bitbang mode? EEPROM? RS485 or GPIO capability on the only part with EEPROM instead of OTP ROM? ESD rating?

Sorry, not seeing this 'same functionality'.

[TheRevva]

I would like if someone will point out what consumer product (not even a vital one) has been affected that is not related to hobbyists.

Hi MigeulVP,
I have one (of potentially MANY) examples to share with you...
I'm into the sport of drag racing in a BIG way. I'm one of a bunch of 'volunteers' at the many tracks in my homeland.
Almost ANY 'serious' drag racer has a data logger on his / her chosen race vehicle.  It helps him / her to 'tune' their setup and / or give them more info on 'what went wrong' in those unfortunate moments.
The vast majority of the common dataloggers have a DB9 serial output.  (Yeah, drag racing is somewhat of an 'old school' sport.  Comparatively few 'innovators' and the rules at the pointy end tend to frown on those using 'current' technology).
Any 'modern' PC no longer has an RS232C port, so the manufacterers tend to supply a USB-RS232 converter with their box.  A LOT of them happen to have an FTDI chip (albeit with a unique VID / PID in many I saw this weekend).  The issue is that ANY motorsport is 'rough on gear' and such cables tend to 'die' rather often.  Therefore, many teams have 'spares' that they've purchased from their local store (Jaycar / Radio Shack et al).  These have all worked 'just fine' until now...  (I'm in the Sthrn hemispehere so our 'drag season' is only just starting).  Imagine the total fracas when this hits the start of the NORTHERN hemisphere  drag season!!!!
I'm wiling to bet that FTDI have suddenly 'lost' any hope of 'traction' (excuse the pun) in this sport...
NASCAR? Indy? Formula 1?  They're all equally at risk...  (And it's probably a sizable chunk of the FTDI USB-RS232 chip business!!!)

[TheRevva]

Purely my _OPINION_ here which MIGHT 'go beyond' the forum rules??? (Simon / Dave etc, if so, PLEASE delete this post and 'rap my knuckles')

Rufus, A21blah blah blah....
Are you paid by the post count, or by the word count within each post?
How much can your boss offer ME to become 'yet another FTDI troll' (YAFT???)?

This is an EE forum for christs sake...
Your rhetoric MIGHT work on 'Joe Public', but generally speaking, the participants of THIS forum actually have triple digit IQs
Give it a break already!!!

(Sorry if I have offended any 'non-troll' here!!)

[janoc]

I strongly suggest the forum moderators to simply lock this thread. Everything that was to be said seems to have been said already and no new information is forthcoming.

If someone has something new, they would better start a new thread because nobody would ever find it buried here. This thread is only a troll fest for a few folks now.

[nctnico]

I'm just curious, why not using silabs chips? CP21xx can offer the same functionality with reduced cost, and spi/i2c options. Why stick to FTDI craps? Personally I prefer silabs chips because:

e. they offer open source drivers and detailed device specifications, so you can either use their free oss drivers, or write your own ones.

I second that. I downloaded the tools package from Silabs and was pleasantly surprised they seem to fully support Linux and OSX with their GUI based tools. The same tools and APIs they provide for Windows are also available for Linux and OSX. It seems FTDI only has Windows GUI programs for setting device parameters.

[dannyf]

Are you paid by the post count, or by the word count within each post?

I think you will find it much better for you if you refrain from conjecturing your opponents' motives in a discussion.

All it does is to project the image of a small-hearted person, not your opponents, however.