We can and do because we use franchised distributors, source all components ourselves and outsource build-only to a trusted, reliable assembler. Every manufacturer could do the same (or in-house build) but if you want to save cost by outsourcing to China, then yes, forget it. It is cost saving and profit greed that allows counterfeiting.In your naive world there would be no counterfeit money either There is money to be made so somehow somewhere there is always someone who manages to slip in counterfeit items and make a profit.Can we stop the fake money analogy?
We can and do because we use franchised distributors, source all components ourselves and outsource build-only to a trusted, reliable assembler. Every manufacturer could do the same (or in-house build) but if you want to save cost by outsourcing to China, then yes, forget it. It is cost saving and profit greed that allows counterfeiting.In your naive world there would be no counterfeit money either There is money to be made so somehow somewhere there is always someone who manages to slip in counterfeit items and make a profit.Can we stop the fake money analogy? Handing over money in the form of notes and coins in a shop carries with it no provenance; you have not thought your analogy through. Once in circulation no records are kept of its movement and there is no traceability as no provenance is expected. A respectable manufacturer does not source components from the back of a van or on ebay.
It is obvious that there was intent to trash fake chips - the code can serve no other purpose. There is no reason for it to be there on genuine chips.
I can't believe it! I have what it seems to be an original FT245RL! It passes the FTDI new driver attack.
I can't believe it! I have what it seems to be an original FT245RL! It passes the FTDI new driver attack.AFAIK the attack only affects the FT232RL. You still know nothing.
It is there to test for non-genuine chips. The test writes to EEPROM on non-genuine chips which would eventually wear them out and really brick them. Changing the PID so FTDI drivers are not loaded in the future is a good idea.
It's not coded like "oh we found a counterfeit device, go and let's brick it".
No, its much more clever: They write to the EEPROM in a way that is ignored by the original but that makes a fake one unusable.
So they would get away with a lawsuit. It's can't be proved that they deliberately sabotaged "compatible" devices.
The same code is executed for a genuine and a counterfeit device. It "just" happens that a counterfeit dies from it.
Sure we all know that this was the purpose. But that no lawsuit proof evidence.
I can't believe it! I have what it seems to be an original FT245RL! It passes the FTDI new driver attack.AFAIK the attack only affects the FT232RL. You still know nothing.
Hmm.. Let me check that for you...
For my part are they checking online with the manufacturer a unique Identifier pair or whatever, so the forged chips are identified but no way are you changing data on a chip that is not your creation in the beginning.
Confirmed. FT245RL is attacked by the new driver too.
So it's impossible to use your device without an internet connection simply due to the verification process?
Reading out any sort of constant identifier is as trivial to fake as the VID/PID.
And adding any sort of cryptographic verification would likely require a very significant area overhead.
So it's impossible to use your device without an internet connection simply due to the verification process?Yeah I know not preferred but still better than messing up another manufacturers device.
Ok how about the bus lane analogy.
Bus company builds bus lanes and busses to run on them.
The bus lanes were being used by lots of other vehicles.
Bus company installs (without telling anyone) control devices: http://en.wikipedia.org/wiki/Sump_buster
Hilarity ensues as they didn't provide enough warning signs.
Except in this case FTDI didn't irreversibly damage the problem devices. Its FTDI's software driver, if some other product decides it wants to use the driver without co-ordinating or licensing with FTDI then they have no control over what will happen to their device. FTDI didn't publish or offer their interface for free, there is no standard involved, they can do what they like when a device identifies to use their software.
Confirmed. FT245RL (USB to Parallel Port) is attacked by the new driver too. You can now add FT245 to the Topic title. I'm attaching the USB transactions and the part were it's trying to do exactly the same as with the FT232RL. No surprise for me, beeing that FTDI used exactly the same die for the FT232RL and their behaviour is 99% similar. Just a couple of things more here and less there in the firmware, and a FT232RL can be easily converted to a FT245RL and viceversa (that was the same thing the counterfeiters must thought too).
Ok how about the bus lane analogy.
Bus company builds bus lanes and busses to run on them.
The bus lanes were being used by lots of other vehicles.
Bus company installs (without telling anyone) control devices: http://en.wikipedia.org/wiki/Sump_buster
Hilarity ensues as they didn't provide enough warning signs.
Except in this case FTDI didn't irreversibly damage the problem devices. Its FTDI's software driver, if some other product decides it wants to use the driver without co-ordinating or licensing with FTDI then they have no control over what will happen to their device. FTDI didn't publish or offer their interface for free, there is no standard involved, they can do what they like when a device identifies to use their software.
I'm struggling to see if there is a consensus of option. Is it wrong for FTDI to intentionally break clones? I'm not interested in legality, I'm interested in people's opinions on ethics.
This bus lane analogy suggests that FTDI should be able to intentionally break clones provided that they let people know that this is what they are doing. Is that fair enough?
I like analogies, so here's my contribution:
I once went to a wrist watch shop to have a counterfeit watch repaired. Upon inspecting the watch, the shop keeper declared that "normally" he would have to cease and destroy such a counterfeit product, but that he would let me off this time. I didn't say anything at the time but I was certain he was wrong. No individual or company should have the right to destroy other people's possessions simply because the possession imitates something else. Only the legal authorities should be able to do this and only when the possession is intended for criminal activity; I only had one counterfeit watch, I had no intention of selling it, and so no one should be able to take it away from me.
Except in this case FTDI didn't irreversibly damage the problem devices. Its FTDI's software driver, if some other product decides it wants to use the driver without co-ordinating or licensing with FTDI then they have no control over what will happen to their device. FTDI didn't publish or offer their interface for free, there is no standard involved, they can do what they like when a device identifies to use their software.
Confirmed. FT245RL (USB to Parallel Port) is attacked by the new driver too. You can now add FT245 to the Topic title. I'm attaching the USB transactions and the part were it's trying to do exactly the same as with the FT232RL. No surprise for me, beeing that FTDI used exactly the same die for the FT232RL and their behaviour is 99% similar. Just a couple of things more here and less there in the firmware, and a FT232RL can be easily converted to a FT245RL and viceversa (that was the same thing the counterfeiters must thought too).The FT245RL also has bcdDevice = 0x600, so this is no surprise. The driver attacks all devices with bcdDevice == 0x6xx that have a valid EEPROM checksum. In fact, I don't even think you can tell those two chips apart - at least the Linux driver considers them the same.
The test writes to EEPROM on non-genuine chips which would eventually wear them out and really brick them.
So FTDI could just have used their knowledge to detect the counterfeit in their driver and restore it to the original counterfeit configuration right before disallowing the use of their drivers without giving feedback on why it wouldn't work.
Confirmed. FT245RL (USB to Parallel Port) is attacked by the new driver too. You can now add FT245 to the Topic title. I'm attaching the USB transactions and the part were it's trying to do exactly the same as with the FT232RL. No surprise for me, beeing that FTDI used exactly the same die for the FT232RL and their behaviour is 99% similar. Just a couple of things more here and less there in the firmware, and a FT232RL can be easily converted to a FT245RL and viceversa (that was the same thing the counterfeiters must thought too).The FT245RL also has bcdDevice = 0x600, so this is no surprise. The driver attacks all devices with bcdDevice == 0x6xx that have a valid EEPROM checksum. In fact, I don't even think you can tell those two chips apart - at least the Linux driver considers them the same.I think you meant 0x6001 and 0x600x.Sorry. I didn't read that you talked about bcdDevice, not PID. Yes. 6.00 (0x600) is the revision of this version. Still:
You can differentiate them by reading a couple of EEPROM bytes. That's how FTProg does it. I know this chips upside down.