Author Topic: FTDIgate 2.0?  (Read 382540 times)

0 Members and 3 Guests are viewing this topic.

Offline kolbep

  • Frequent Contributor
  • **
  • Posts: 598
  • Country: za
    • ShoutingElectronics.com
Re: FTDIgate 2.0?
« Reply #175 on: January 31, 2016, 09:12:46 pm »
Flip, Just this morning I purchased 2 x USB to RS232 cables on an auction site.
That was before I read about the FTDIGate 2.0.

I hope these do not use FTDI clones, or they are going right back....
====================================
www.ShoutingElectronics.com Don't just talk about Electronics, SHOUT ABOUT IT! Electronics Blog Site and Youtube Channel
 

Offline miguelvp

  • Super Contributor
  • ***
  • Posts: 5550
  • Country: us
Re: FTDIgate 2.0?
« Reply #176 on: January 31, 2016, 10:12:36 pm »
Intel used fake FTDI chips for their Gen 2 Galileo?

That's beyond funny :)

I do have a Galileo 1st gen, I wonder if it has a fake FTDI chip as well. Not that it matters much because the Gen1 Galileo is pretty useless since their GPIO is via I2C (or was it SPI) anyways this is hilarious.  :-DD

At least Intel will probably roll out a firmware update with their own VID and PID with their own drivers to support the fake chips.

That will be a huge PR problem for Intel. If that was true and I was Intel CEO, I will buy the company (FTDI) and silent it.

Apparently it wasn't the Galileo, just a USB/UART adaptor.
 

Offline milsorgen

  • Newbie
  • Posts: 1
  • Country: us
    • Streets of Idaho
Re: FTDIgate 2.0?
« Reply #177 on: January 31, 2016, 10:13:55 pm »
For a year after the first "FTDIgate" I think they did nothing to educate the suppliers and designers about how to be sure they are buying genuine parts. Refusing to work with counterfeits or sending some warnings through the chips must be THE FINAL STEP of a long educational/certification process - not the first step!

I also think that this attitude will turn people away from using FTDI.

I think you put this current fiasco into perfect focus.
 

Offline nikomo

  • Newbie
  • Posts: 4
  • Country: fi
Re: FTDIgate 2.0?
« Reply #178 on: January 31, 2016, 10:59:06 pm »
I have one of those handy FT232 modules you can stick on a breadboard (red PCB, Arduino Pro pinout etc.), I figured it would be a fake for sure, but wanted to know (and I only really use it on Linux systems), so I plugged it into my Windows box, let the drivers update, but it works.

People get fake chips in real products, and real chips in dodgy Chinese modules. Kinda funny.
Or the Chinese figured out how to make a fake so good, it won't get noticed by FTDI, and people are suffering with old chips.

Either way, I'm not using FTDI if I'm designing something myself.
 

Offline C

  • Super Contributor
  • ***
  • Posts: 1346
  • Country: us
Re: FTDIgate 2.0?
« Reply #179 on: January 31, 2016, 11:00:05 pm »
My understanding

Version 1 reprogrammed a clone using FTDI's VID to have an invalid PID.
 
Version 2 is sending garbage out the connected ports.

This leaves what will happen in version 3.
The ability to program the VID/PID is one selling point of this chip.
Company X that has it's own VID when using this chip is using some of FTDI's software.
Company X gets some chips that FTDI software ID's as clones.
FTDI is messing with there own VIP/PID where clones use FTDI's software.
Is small company X next? It's still a clone using FTDI's software!

A big company can take legal action, the small company may not have the money to correct the damage and fight the legal battle.

Ask yourself, how many small companies are dropping anything FTDI now before FTDI's version 3 to prevent as much damage as possible.
And by FTDI causing company X to rethink what is needed, it can be seeing much better ways to do the task, some of which they can market.

Better ways started FTDI down fall, clones removed more income, FTDI's actions increases the change to better ways and other company parts. The Better ways finishes it for this.

 

Offline mtdoc

  • Super Contributor
  • ***
  • Posts: 3575
  • Country: us
Re: FTDIgate 2.0?
« Reply #180 on: January 31, 2016, 11:08:45 pm »
Yep, all FTDI is accomplishing is causing consumers to doubt the reliability of anything with an "FTDI" chip.

For someone like me who feeds his electronics hobby with various cheap boards and do-dads interfacing with USB, I now actively avoid anything that claims to use an FTDI chip since I have no way of knowing authenticity before hand.

Most of the consumers don't have any knowledge about what's inside a device.

There are all types of consumers. Many are electronic hobbyists like me who are aware of the issue. Some are also professionals who use relevant devices at work and/or for personal use. It's true most end users of electronics will not know what's inside. But the end result is the same If their device stops working - > lack of trust in "FTDI" containing devices.

Quote
And people who bought fake chips and got burned and because of that start to avoid FTDI chips,
well, they don't make any difference for FTDI because they didn't buy genuine chips in the first place.
The point is, FTDI has nothing to loose.

I think you've missed my point. I have several devices with presumably genuine FTDI chips - but I don't know because I've never risked using their newer drivers and do not allow auto updates. But eventually I'll likely be forced to use them with a newer computer. Thus given a choice I am no longer buying anything that could turn out to have a fake chip in it - i.e. Any device using the "FTDI" chip.
 

Offline David97

  • Contributor
  • Posts: 47
Re: FTDIgate 2.0?
« Reply #181 on: January 31, 2016, 11:19:57 pm »
 :palm:
 

Offline electr_peter

  • Supporter
  • ****
  • Posts: 1300
  • Country: lt
Re: FTDIgate 2.0?
« Reply #182 on: January 31, 2016, 11:23:30 pm »
For those who cannot apprehend that FTDI actions (sending fake serial data) are questionable to others.

Let's say you are a home-owner and have serious financial troubles resulting in missed payments for electricity company. Electricity company sends you a letter informing you that it will discontinue contracted service in a month if no payment is made. You make no payment and after few weeks
  • a) electricity supply is cut - appliances do not work, DMM reads 0V in sockets. Electricity company says that they are under no obligation to provide contracted service for non-paying customers.
OR
  • b) electricity supply voltage level drops by half or increases twofold destroying all your home equipment. Electricity company says that they are under no obligation to provide contracted service for non-paying customers.

I hope that difference between a) and b) is clear. In a) company stops providing service. In b) company stops providing service AND decides to screw you up.
FTDI actions are similar to case b). They went one step too far.
« Last Edit: February 01, 2016, 07:18:52 pm by electr_peter »
 

Offline wraper

  • Supporter
  • ****
  • Posts: 16794
  • Country: lv
Re: FTDIgate 2.0?
« Reply #183 on: January 31, 2016, 11:50:32 pm »
Thus given a choice I am no longer buying anything that could turn out to have a fake chip in it -
As I understand, you are fine with anything that can counterfeit but does not "turn out".
 

Offline amwales

  • Regular Contributor
  • *
  • Posts: 76
  • Country: gb
Re: FTDIgate 2.0?
« Reply #184 on: February 01, 2016, 12:04:07 am »
Bugger I have quite a few of those FTDI based usb/serial boards I have no idea if they are genuine of not. I've paid anywhere from 7GBP to 2GBP for them over the years from hobbyist retailers, ebay and aliexpress. There were quite a few I've given away too, that's going to be awkward. How do I get my money back from a retailer when I can't prove what board came from where and when? I guess from now on I'll just skip buying anything with an FTDI part on it as I can guarantee ahead of time whether they will be fake or genuine. These guys are clearly idiots and I certainly won't be using their chips in any future designs and will make sure everyone I know is aware of this issue and steers well clear of them.
 

Offline amwales

  • Regular Contributor
  • *
  • Posts: 76
  • Country: gb
Re: FTDIgate 2.0?
« Reply #185 on: February 01, 2016, 12:13:23 am »
Most of the consumers don't have any knowledge about what's inside a device.

That's right they don't. But you know what a few of those consumers listen to us few when we say.
'Yikes, that's got an FTDI on it, it may work today but who knows when down the road it will just stop working because its actually a fake you bought in good faith'. Is it worth taking the risk? FTDI parts are mostly fake now if its coming out of china anyway right?
 

Offline Howardlong

  • Super Contributor
  • ***
  • Posts: 5315
  • Country: gb
Re: FTDIgate 2.0?
« Reply #186 on: February 01, 2016, 12:25:00 am »
 

Offline timb

  • Super Contributor
  • ***
  • Posts: 2536
  • Country: us
  • Pretentiously Posting Polysyllabic Prose
    • timb.us
Re: FTDIgate 2.0?
« Reply #187 on: February 01, 2016, 12:35:01 am »
Guys, let's tone down on throwing around words like "illegal" and talking about legal action. It's a bit melodramatic and undermines the legitimacy of our complaints and position as a whole.

What FTDI is doing is legal and while they could get sued, it's unknown what the outcome would be. So, instead of being wildly speculating internet lawyers, I think we should focus on, as Sgt. Joe Friday once never said, "Just the facts, ma'am."
Any sufficiently advanced technology is indistinguishable from magic; e.g., Cheez Whiz, Hot Dogs and RF.
 

Offline timb

  • Super Contributor
  • ***
  • Posts: 2536
  • Country: us
  • Pretentiously Posting Polysyllabic Prose
    • timb.us
FTDIgate 2.0?
« Reply #188 on: February 01, 2016, 01:01:27 am »
Guys, let's tone down on throwing around words like "illegal" and talking about legal action. It's a bit melodramatic and undermines the legitimacy of our complaints and position as a whole.

What FTDI is doing is legal and while they could get sued, it's unknown what the outcome would be. So, instead of being wildly speculating internet lawyers, I think we should focus on, as Sgt. Joe Friday once never said, "Just the facts, ma'am."

If someone's life support equipment failed due to FTDI gate(s), no matter who is really responsible for, FTDI is doomed, both legally and in their PR.
Let's take one step further, if the failed equipment's OEM got FTDI's consent on using it in a life support equipment, and FTDI's authorized distributor screwed up the supply chain, then it is even worse.
From my experience, that will definitely make FTDI headline of headline in all major newspapers.
Being said, the chance of that happens is narrow, but if it happens, no one can save the company. I hope their legal dept and marketing dept used their brain before making a decision.
If they do not want to get cloned, then sell it cheaper. At one pcs, FT232RL is $4.50, while its competitor, CP2104 sells for $1.43. Both are crystal less, both are full UART, and both have internal ROM (EEPROM vs OTP).

Yes, and an FTDI chip that is used for doing diagnostics on a nuclear missiles could cause it to go off and take out an entire city. Just because it's *possible* doesn't make it *plausible*.

So why sit here and speculate on things that haven't and aren't likely to happen? It's not productive and undermines the integrity of our legitimate issues.

Besides, I'm sure FTDI has a "Not for Life Support Devices" notice in the datasheet or TRM.
Any sufficiently advanced technology is indistinguishable from magic; e.g., Cheez Whiz, Hot Dogs and RF.
 

Offline FrankBuss

  • Supporter
  • ****
  • Posts: 2365
  • Country: de
    • Frank Buss
Re: FTDIgate 2.0?
« Reply #189 on: February 01, 2016, 01:11:03 am »
Oh Wow, FTDI did push malware to Windows drivers again.

For my part, I switched to MCP2221 when the original FTDIgate was out.
The MCP2221 looks very good and costs half for 100 at Digikey than the FT232 chip. Why do people still use the FTDI chip for simple USB UART dongles? And I like that it doesn't need an external oscillator, but it can generate a programmable clock output (not very accurate, but depending on the application this is all you need). It has internal flash, so no need for an additional external EEPROM to store customer VID/PID, and with the HID enumeration part you can use it as a USB I2C bridge.

Maybe you can answer some question, because you are already using this chip: From the datasheet it is not clear to me if it supports more than 115,000 baud. The formula says 12 MHz / x (with x integer), but in other chapters it says it supports only 300-115,200 baud. Can I use it with 1 MHz baud rate?

And the datasheet says it doesn't need a driver, it uses the standard virtual COM port driver on Windows. Does this mean you don't even need a custom INF file  for it? I think it is possible in Windows, if the device enumerates as CDC USB device class (see here). Is this the case for the MCP2221? And does MacOS and Linux support it?

Except for the really nice FIFO and JTAG communication modes in the FT2232H, the MCP2221 looks like the dream chip, if you want an easy USB connection for your device. I think I'll use this in one of my next products, no hassle with USB programming on a microcontroller, it just works, and you can even save an oscillator with this chip to clock the rest of your circuit, and use a cheaper microcontroller with no USB, so it might be even cost neutral or reduce overall cost.
So Long, and Thanks for All the Fish
Electronics, hiking, retro-computing, electronic music etc.: https://www.youtube.com/c/FrankBussProgrammer
 

Offline EEVblog

  • Administrator
  • *****
  • Posts: 37661
  • Country: au
    • EEVblog
Re: FTDIgate 2.0?
« Reply #190 on: February 01, 2016, 01:26:38 am »
Guys, let's tone down on throwing around words like "illegal" and talking about legal action. It's a bit melodramatic and undermines the legitimacy of our complaints and position as a whole.
What FTDI is doing is legal and while they could get sued, it's unknown what the outcome would be. So, instead of being wildly speculating internet lawyers, I think we should focus on, as Sgt. Joe Friday once never said, "Just the facts, ma'am."

Yep, always a good policy when discussing stuff like this. This a technical forum, we can and should stick to a technical analysis. Of course, talking about the company's approach and potential impacts on industry reputation is fair game too of course.
 

Offline miguelvp

  • Super Contributor
  • ***
  • Posts: 5550
  • Country: us
Re: FTDIgate 2.0?
« Reply #191 on: February 01, 2016, 01:31:55 am »
Yup, plenty of USB-UART chips, cypress offers an ft232r pin compatible chip:

https://www.eevblog.com/forum/projects/cypress-cy7c65213-a-pin-compatible-ft232r-replacement/

Not cheap, but you probably can find them for a bit under $1.50

Although there are some differences like not supporting the Oscillator Out on pin 28, well that's the only major difference:
http://www.cypress.com/knowledge-base-article/replacing-ft232r-cy7c65213-usb-uart-lp-bridge-controller-kba85921
 

Offline EEVblog

  • Administrator
  • *****
  • Posts: 37661
  • Country: au
    • EEVblog
Re: FTDIgate 2.0?
« Reply #192 on: February 01, 2016, 01:33:27 am »
News seems to be spreading, and 300 guests viewing this topic right now.
And FTDI are blocking people who mention it?
https://twitter.com/connorgoodwolf/status/693892542509748224/photo/1
 

Offline EEVblog

  • Administrator
  • *****
  • Posts: 37661
  • Country: au
    • EEVblog
Re: FTDIgate 2.0?
« Reply #193 on: February 01, 2016, 01:39:48 am »
Yep, FTDI are blocking people who mention it, including some guy with 310,000 Youtube subscribers and a propensity to rant...

« Last Edit: February 01, 2016, 01:41:34 am by EEVblog »
 

Offline iceisfun

  • Regular Contributor
  • *
  • Posts: 140
  • Country: us
Re: FTDIgate 2.0?
« Reply #194 on: February 01, 2016, 01:46:29 am »
Does anyone know the KB that rolls out this driver so I can ignore it?
 

Offline FrankBuss

  • Supporter
  • ****
  • Posts: 2365
  • Country: de
    • Frank Buss
Re: FTDIgate 2.0?
« Reply #195 on: February 01, 2016, 01:54:45 am »
Yep, FTDI are blocking people who mention it, including some guy with 310,000 Youtube subscribers and a propensity to rant...
They blocked you too, that's pathetic. So you can't comment directly under their tweets, but by now they should have heard of the Streisand effect. :-DD
So Long, and Thanks for All the Fish
Electronics, hiking, retro-computing, electronic music etc.: https://www.youtube.com/c/FrankBussProgrammer
 

Offline EEVblog

  • Administrator
  • *****
  • Posts: 37661
  • Country: au
    • EEVblog
Re: FTDIgate 2.0?
« Reply #196 on: February 01, 2016, 01:56:43 am »
They blocked you too, that's pathetic. So you can't comment directly under their tweets, but by now they should have heard of the Streisand effect. :-DD

It's only going to get worse for FTDI from here  :popcorn:
 

Offline miguelvp

  • Super Contributor
  • ***
  • Posts: 5550
  • Country: us
Re: FTDIgate 2.0?
« Reply #197 on: February 01, 2016, 02:26:03 am »
Just added FTDIGate 2.0 to Wikipedia.

https://en.wikipedia.org/wiki/FTDI

That's all good but apparently this driver has been up since  3 July 2015 as stated in the wiki and as per:
https://www.eevblog.com/forum/microcontrollers/ftdi-gate-2-0/msg854788/#msg854788

So it's not a new discovery, many reports since then but I guess this is the first one to bring up a bigger stink about it :)

A report about the July driver can be found here:
http://electropit.com/index.php/2015/09/06/arduino-nano-v3-0-clones/

and here:
https://forum.arduino.cc/index.php?PHPSESSID=21071l5u7t2agtrj5u3c25q1t7&topic=270175.msg2310682#msg2310682

« Last Edit: February 01, 2016, 02:28:41 am by miguelvp »
 

Offline onlooker

  • Frequent Contributor
  • **
  • Posts: 395
Re: FTDIgate 2.0?
« Reply #198 on: February 01, 2016, 02:48:19 am »
Quote
Wikipedia page updated.

It will be better if the tone could be more factual and neutral. As is, it may not stay there for long.
« Last Edit: February 01, 2016, 02:51:19 am by onlooker »
 

Offline FrankBuss

  • Supporter
  • ****
  • Posts: 2365
  • Country: de
    • Frank Buss
Re: FTDIgate 2.0?
« Reply #199 on: February 01, 2016, 03:04:34 am »
Updated. Subjective adjectives and adverbs are removed. I also added the exact string it send or reads, "NON GENUINE DEVICE FOUND!".
"attack" and "victim devices" sounds a bit subjective, too, maybe just state the facts. And does it read the string, too, or only send it, and send it always, one char for every char you want it to send in a loop, or just occasionally?
So Long, and Thanks for All the Fish
Electronics, hiking, retro-computing, electronic music etc.: https://www.youtube.com/c/FrankBussProgrammer
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf