Author Topic: FTDIgate 2.0?  (Read 382103 times)

0 Members and 1 Guest are viewing this topic.

Offline suicidaleggroll

  • Super Contributor
  • ***
  • Posts: 1453
  • Country: us
Re: FTDIgate 2.0?
« Reply #150 on: January 31, 2016, 04:26:37 pm »
A few weeks ago I bought a battery charger from a company called Nitecore.  Apparently Nitecore has had problems with fakes, and their solution seemed simple and effective.  On every unit they send out now, they stick a small sticker with a scratch-off label like you find on gift cards and lottery tickets.  Under the scratch-off label is a code, and you can go to their website to verify the authenticity of the code (presumably once a code has been verified, it can't be checked again, to prevent counterfeiters from just making a bunch of knockoffs with one valid code).  What if FTDI did something similar on their reels?  Full reels get a verification sticker, and only when the reel is going to be opened up is that code checked.  If you buy full reels, you can check it yourself.  If you buy individuals, then you only buy from distributors who check the code before they break it down for resale.  Compared to the cost of the full reel, the minute it would take to verify the code would be insignificant.

Then FTDI could do whatever they want with the driver, and as a manufacturer you wouldn't have any doubts that the parts used on your board are genuine.
 

Offline janekm

  • Supporter
  • ****
  • Posts: 515
  • Country: gb
Re: FTDIgate 2.0?
« Reply #151 on: January 31, 2016, 05:05:01 pm »
A few weeks ago I bought a battery charger from a company called Nitecore.  Apparently Nitecore has had problems with fakes, and their solution seemed simple and effective.  On every unit they send out now, they stick a small sticker with a scratch-off label like you find on gift cards and lottery tickets.  Under the scratch-off label is a code, and you can go to their website to verify the authenticity of the code (presumably once a code has been verified, it can't be checked again, to prevent counterfeiters from just making a bunch of knockoffs with one valid code).  What if FTDI did something similar on their reels?  Full reels get a verification sticker, and only when the reel is going to be opened up is that code checked.  If you buy full reels, you can check it yourself.  If you buy individuals, then you only buy from distributors who check the code before they break it down for resale.  Compared to the cost of the full reel, the minute it would take to verify the code would be insignificant.

Then FTDI could do whatever they want with the driver, and as a manufacturer you wouldn't have any doubts that the parts used on your board are genuine.

Yes, something like that is what they should be doing.
Problem: There are fakes of our chips out there and ending up in end products (whether the manufacturer intended them to or not)
Solution: Let's help manufacturers make sure they get our real chips
FTDI's solution: Let's break those manufacturer's products

Genius...  |O

What I would do is assign a unique ID to each chip (they probably do already anyway?) and keep a list on a server. Then a piece of test code can read out that ID and query the server for whether that ID is real and has been read before. No need for scratch labels and can be integrated into production tests.
 

Offline free_electron

  • Super Contributor
  • ***
  • Posts: 8515
  • Country: us
    • SiliconValleyGarage
Re: FTDIgate 2.0?
« Reply #152 on: January 31, 2016, 05:15:34 pm »
Quote
if someone kills a man he will be prosecuted
So if you drive over someone with a car, is it you or the CEO of Fiat that should be charged?

CEO of FIAT! Because they make so lousy cars!

A Japanese who was killed by the atom bomb once sued US government for dropping it.
Court later found that the Japanese should have sued the guy in the plane who opened the bomb bay doors.
I doubt that. Dead people can't sue....
Professional Electron Wrangler.
Any comments, or points of view expressed, are my own and not endorsed , induced or compensated by my employer(s).
 

Offline wraper

  • Supporter
  • ****
  • Posts: 16791
  • Country: lv
Re: FTDIgate 2.0?
« Reply #153 on: January 31, 2016, 05:30:28 pm »
What I would do is assign a unique ID to each chip (they probably do already anyway?) and keep a list on a server. Then a piece of test code can read out that ID and query the server for whether that ID is real and has been read before. No need for scratch labels and can be integrated into production tests.
And change the silicon/IC model too to achieve this  :palm:.
 

Offline Karel

  • Super Contributor
  • ***
  • Posts: 2214
  • Country: 00
Re: FTDIgate 2.0?
« Reply #154 on: January 31, 2016, 05:42:12 pm »
Do we really have to go through the 70+ pages long thread from start, ...

Nope, we all are free to ignore this thread if we want.
If, however, we decide to participate in a discussion, we have to be prepared for people expressing an opinion we may not like.

If, in your opinion, enough has been written about this topic, feel free to leave and let the others continue.

 

Offline miguelvp

  • Super Contributor
  • ***
  • Posts: 5550
  • Country: us
Re: FTDIgate 2.0?
« Reply #155 on: January 31, 2016, 05:50:23 pm »
The other thread was about FTDI bricking devices with fake chips. Nothing to do with this (yet to be corroborated by others) problem.

What I don't understand is why would anyone designing a device would take the random serial data as a valid initialization. Surely you wouldn't design it in such a way to begin with, because a lot of things can talk to a serial COM port even if the drivers were left alone allowing communication with fake chips.
 

Offline RFZTopic starter

  • Regular Contributor
  • *
  • Posts: 52
  • Country: de
Re: FTDIgate 2.0?
« Reply #156 on: January 31, 2016, 05:52:36 pm »
And change the silicon/IC model too to achieve this  :palm:.

USB FTDIChip-ID™ feature is part of the FT232R specs: A unique number (the FTDIChip-ID™) is burnt into the device during manufacture and is readable over USB, thus forming the basis of a security dongle which can be used to protect customer application software from being copied.
 

Offline janoc

  • Super Contributor
  • ***
  • Posts: 3781
  • Country: de
Re: FTDIgate 2.0?
« Reply #157 on: January 31, 2016, 06:01:43 pm »
The other thread was about FTDI bricking devices with fake chips. Nothing to do with this (yet to be corroborated by others) problem.

http://www.amazon.com/gp/customer-reviews/R208GYSGXQ134N/ref=cm_cr_pr_viewpnt?ie=UTF8&ASIN=B012YUANZK#R208GYSGXQ134N

Here a guy with an Intel Galileo board:
https://communities.intel.com/thread/80586?start=0&tstart=0

Posts on RepRap forums:
http://forums.reprap.org/read.php?262,589133

I hope that is enough to corroborate that this is a real issue? 2 minutes googling for the "NON GENUINE DEVICE FOUND!" phrase.

And while the old thread was about bricking the non-genuine hw, the same arguments are being rehashed again - often by the same people.


« Last Edit: January 31, 2016, 06:03:38 pm by janoc »
 

Offline staze

  • Frequent Contributor
  • **
  • Posts: 820
  • Country: us
  • I _might_ have a problem...
    • Everybody Staze...
Re: FTDIgate 2.0?
« Reply #158 on: January 31, 2016, 06:08:25 pm »
Son of a....

I spent, literally, 4 hours yesterday trying to troubleshoot a 3d Printer (Tinyboy 3D), with it not working. MProg from FTDI said the chip was fine (right vendor and product ID), but it just wouldn't work. I tried every driver I could find. Finally, I uninstalled the driver, disabled wifi, plugged it in, waited for Windows 7 to install the version it knew (2.4 something), used Mprog 3.5 to reprogram the chip as legit (as per: ), unplugged, replugged (at which point windows reinstalled it again, with 2.4), and suddenly it started working! I can confirm this "Non Genuine" serial data, since I opened up the Arduino IDE and saw that on the serial console.

You know, I sympathize with FTDI. They're having their tech ripped off. But, it's inappropriate to punish end users who don't have any say. Sure, we could not buy stuff that uses counterfeit chips, but many sellers aren't even going to know. FTDI should be pursuing the counterfeiters in China, and using what legal system China has to stop it. Either that, or create a version of the chip that has such a low price point, they put the cloners out of business by providing legit-working-alternatives for a price point. So annoying that I've lost time because FTDI does this crap, and apparently Microsoft is okay with it (I don't see how this should have passed WHQL). 
“Give a man an answer, he’ll keep his job for a day. Teach a man to Google, and he’ll be employed for a lifetime”
 

Offline miguelvp

  • Super Contributor
  • ***
  • Posts: 5550
  • Country: us
Re: FTDIgate 2.0?
« Reply #159 on: January 31, 2016, 06:11:30 pm »
Intel used fake FTDI chips for their Gen 2 Galileo?

That's beyond funny :)

I do have a Galileo 1st gen, I wonder if it has a fake FTDI chip as well. Not that it matters much because the Gen1 Galileo is pretty useless since their GPIO is via I2C (or was it SPI) anyways this is hilarious.  :-DD

At least Intel will probably roll out a firmware update with their own VID and PID with their own drivers to support the fake chips.
 

Offline wraper

  • Supporter
  • ****
  • Posts: 16791
  • Country: lv
Re: FTDIgate 2.0?
« Reply #160 on: January 31, 2016, 06:17:00 pm »
Intel used fake FTDI chips for their Gen 2 Galileo?

That's beyond funny :)
It does not have FT232 and why it would have? The guy just connected a counterfeit adapter to it.
 

Offline Karel

  • Super Contributor
  • ***
  • Posts: 2214
  • Country: 00
Re: FTDIgate 2.0?
« Reply #161 on: January 31, 2016, 06:21:05 pm »
At least Intel will probably roll out a firmware update with their own VID and PID with their own drivers to support the fake chips.

That's exactly what FTDI wants to achieve, let the fake chip users write and use their own drivers instead of profiting
from the work of others without permission.
Apparently, it's not that easy to write your own stable and reliable drivers. It's easier to let others do that job for you,
preferably for free...


 

Offline donmr

  • Regular Contributor
  • *
  • Posts: 155
  • Country: us
  • W7DMR
Re: FTDIgate 2.0?
« Reply #162 on: January 31, 2016, 06:28:41 pm »
Since @suicidaleggroll didn't read the original discussion, he is uninformed that there is no reliable way for ANYONE (including legitimate distributors and board assemblers) to definitively identify genuine chips vs counterfeit. Many legitimate, official, authorized supply lines have discovered counterfeit chips, sometimes only revealed when the end-user tried to use the product.
...

Apparently FTDI can tell them apart or at least thinks they can.  Why doesn't FTDI help us all detect impostor parts by explaining the difference?  Yes then the fakers will replicate that too but that is what happens when you are an industry leader, you have to keep running to stay in the lead.

Ideally they would make use of the existing IP protection laws to identify their parts and prosecute forgers.
 

Offline LoyalServant

  • Regular Contributor
  • *
  • Posts: 65
  • Country: us
Re: FTDIgate 2.0?
« Reply #163 on: January 31, 2016, 06:30:44 pm »
Since I stopped using FTDI stuff in my products because of the last time I can breathe easy.
Counterfeits have been found in the legitimate supply chain.
Who wants to take a risk on this?

What moron at FTDI thinks this is a viable business decision?
So what.. I am small potatoes to them
But thousands of us means a lot of lost revenue.

So here is to my heels digging in deeper and not using FTDI.
They proved here that I made the right choice.
 

Offline mtdoc

  • Super Contributor
  • ***
  • Posts: 3575
  • Country: us
Re: FTDIgate 2.0?
« Reply #164 on: January 31, 2016, 06:47:22 pm »
Yep, all FTDI is accomplishing is causing consumers to doubt the reliability of anything with an "FTDI" chip.

For someone like me who feeds his electronics hobby with various cheap boards and do-dads interfacing with USB, I now actively avoid anything that claims to use an FTDI chip since I have no way of knowing authenticity before hand.
 

Offline janoc

  • Super Contributor
  • ***
  • Posts: 3781
  • Country: de
Re: FTDIgate 2.0?
« Reply #165 on: January 31, 2016, 07:26:21 pm »
At least Intel will probably roll out a firmware update with their own VID and PID with their own drivers to support the fake chips.

That's exactly what FTDI wants to achieve, let the fake chip users write and use their own drivers instead of profiting
from the work of others without permission.
Apparently, it's not that easy to write your own stable and reliable drivers. It's easier to let others do that job for you,
preferably for free...

Yay, someone didn't bother to read. Intel or anyone else will not write anything, the Galileo board was fine. The guy just used an USB-to-UART cable with a bad chip.

I suggest you read the article next time. Also, nobody needs to write any drivers - Windows (and other OSes) come with just fine drivers for the  USB CDC class.

« Last Edit: January 31, 2016, 08:54:56 pm by janoc »
 

Offline miguelvp

  • Super Contributor
  • ***
  • Posts: 5550
  • Country: us
Re: FTDIgate 2.0?
« Reply #166 on: January 31, 2016, 07:36:01 pm »
Who has the time, but I did go through the BOM for both Gen 1 and Gen 2, no FT232 in sight.

Well, he should return his cheap and unsupported USB-UART adapter :)
 

Offline janoc

  • Super Contributor
  • ***
  • Posts: 3781
  • Country: de
Re: FTDIgate 2.0?
« Reply #167 on: January 31, 2016, 07:40:42 pm »
apparently Microsoft is okay with it (I don't see how this should have passed WHQL).

They were ok even with the previous version that was bricking the chips and then pulled it later. I think the WHQL doesn't mean much here - FTDI has some sort of privileged position because their drivers ship directly with Windows, unlike most third-party vendors. So their stuff likely gets only the basic "does it cause BSOD/eat data" test and that's it, because they are trusted.



 

Offline janoc

  • Super Contributor
  • ***
  • Posts: 3781
  • Country: de
Re: FTDIgate 2.0?
« Reply #168 on: January 31, 2016, 07:50:08 pm »
Who has the time, but I did go through the BOM for both Gen 1 and Gen 2, no FT232 in sight.

Well, he should return his cheap and unsupported USB-UART adapter :)

Widlarize it. However, it is a royal pain when an automatic OS update breaks things behind your back, because some idiot in a board room somewhere thought that it is a good idea. I know why Windows doesn't get anywhere near my hardware and FTDI marked chips nowhere near my projects after this.



 

Offline FrankBuss

  • Supporter
  • ****
  • Posts: 2365
  • Country: de
    • Frank Buss
Re: FTDIgate 2.0?
« Reply #169 on: January 31, 2016, 07:52:08 pm »
So their stuff likely gets only the basic "does it cause BSOD/eat data" test and that's it, because they are trusted.
After this second incident I really hope this trusted state gets revoked. Otherwise other companies might get encouraged to do similar things.
So Long, and Thanks for All the Fish
Electronics, hiking, retro-computing, electronic music etc.: https://www.youtube.com/c/FrankBussProgrammer
 

Offline Refrigerator

  • Super Contributor
  • ***
  • Posts: 1540
  • Country: lt
Re: FTDIgate 2.0?
« Reply #170 on: January 31, 2016, 07:59:50 pm »
When two guys fight, the third one usually wins.

Let's face it, FTDI will never muffle fake chips, you shouldn't underestimate the ingenuity of the chinese.

This is actually a good thing. FTDI now has a reason to innovate, bring a new chip with some whiz-bang security and maybe some other new and improved features.
I have a blog at http://brimmingideas.blogspot.com/ . Now less empty than ever before !
An expert of making MOSFETs explode.
 

Offline SeanB

  • Super Contributor
  • ***
  • Posts: 16270
  • Country: za
Re: FTDIgate 2.0?
« Reply #171 on: January 31, 2016, 08:10:07 pm »
Doubt that, more likely they will just lose to better clones, and then try even harder for next time.
 

Offline Karel

  • Super Contributor
  • ***
  • Posts: 2214
  • Country: 00
Re: FTDIgate 2.0?
« Reply #172 on: January 31, 2016, 08:29:02 pm »
Yep, all FTDI is accomplishing is causing consumers to doubt the reliability of anything with an "FTDI" chip.

For someone like me who feeds his electronics hobby with various cheap boards and do-dads interfacing with USB, I now actively avoid anything that claims to use an FTDI chip since I have no way of knowing authenticity before hand.

Most of the consumers don't have any knowledge about what's inside a device.
And people who bought fake chips and got burned and because of that start to avoid FTDI chips,
well, they don't make any difference for FTDI because they didn't buy genuine chips in the first place.
The point is, FTDI has nothing to loose. If they don't brick fake chips, people will continue to buy those fake chips.


 

Offline janoc

  • Super Contributor
  • ***
  • Posts: 3781
  • Country: de
Re: FTDIgate 2.0?
« Reply #173 on: January 31, 2016, 08:47:05 pm »
Most of the consumers don't have any knowledge about what's inside a device.
And people who bought fake chips and got burned and because of that start to avoid FTDI chips,
well, they don't make any difference for FTDI because they didn't buy genuine chips in the first place.
The point is, FTDI has nothing to loose. If they don't brick fake chips, people will continue to buy those fake chips.

Most of the consumers no, but FTDI doesn't get their money from consumers. They get the money from companies designing in their hw. And I would not be surprised at all if they lost business because of this type of behaviour. Who is going to take the risk that a vendor of a $2 serial to usb bridge won't go berserk in the future and sends out a driver that will accidentally damage even legit hardware? Mistakes happen and it wouldn't be unprecedented.

Add to it the fact that they don't make it at all easy for the OEMs to actually check whether their stock is legitimate, people would have to be insane to design in their products after this. Enormous potential liability for a two buck chip? Who is going to risk that when there are plenty of alternatives without history of such dick moves?

They have plenty to lose, IMO.







« Last Edit: January 31, 2016, 08:49:32 pm by janoc »
 

Offline f4eru

  • Super Contributor
  • ***
  • Posts: 1086
  • Country: 00
    • Chargehanger
Re: FTDIgate 2.0?
« Reply #174 on: January 31, 2016, 08:54:31 pm »
Oh Wow, FTDI did push malware to Windows drivers again.

For my part, I switched to MCP2221 when the original FTDIgate was out.


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf