The Register Follows with, FTDI yanks chip-bricking driver from Windows Update, vows to fight on:
Chipmaker FTDI has pulled a driver from Windows Update that could brick devices containing knockoff versions of its USB-to-serial bridge chips, but says it won't back down on its aggressive anti-counterfeiting stance.
Earlier this week, hackers from various hardware forums began noticing that FTDI's latest driver would set a USB device's USB product ID to 0 if it contained a fake version of one of FTDI's chips. Once zeroed, neither Windows, OS X, nor Linux would recognize the device anymore, rendering it useless.
Naturally, owners of devices containing the counterfeit chips were less than pleased.
Responding to the growing furor, FTDI now says it has yanked the offending driver from Windows Update so that Windows users will no longer receive it automatically. But it says it has no intention of giving up the fight against (presumably) Chinese chip knockoff artists.
Related article: FTDI Driver is Disabling Fake Chips
Related Stories
FTDI, not bound to stop at last year's anti-counterfeiting attempt of bricking fake chips has again pushed a driver update via Windows update that inserts the ASCII Text "NON GENUINE DEVICE FOUND!" in the serial transmission. More information can be found on this EEVBlog forum thread: http://www.eevblog.com/forum/microcontrollers/ftdi-gate-2-0/
Previous coverage:
FTDI Driver is Disabling Fake Chips
Update: FTDI Yanks Chip-Bricking Driver from Windows Update, Vows to Fight on
Spotted over at Hackernews is a link to an eevblog posting on FTDI drivers recognising and disabling "fake" devices.
Future Technology Devices International, commonly known by its abbreviation FTDI, is a Scottish privately held semiconductor device company, specializing in Universal Serial Bus technology.
The FTDI FT232 is a widely used USB to serial converter component; there are, however, some cases of compatible "clone" devices being used in products rather than the official FTDI chips.
It appears that the latest official FTDI driver now recognises these devices and when it encounters them it reprograms the product ID so that the device is no longer recognised, and will not work. (These devices can, however, be reprogrammed and recovered using Windows/XP or Linux.) FTDI have stated that the user has allowed them to do this as part of the driver license agreement.
The Linux driver is still safe, but the binary blob from Windows update is now something that we should all blacklist and uninstall, for our own safety. I've already bricked one of my FTDI boards. Will FTDI reimburse me for the purchase and time it will now take to undo all this damage? I doubt it. Did they think this fully through before launching a hostile attack on their end-users? I doubt that, too.
More comments on the original hackernews thread.
(Score: 2) by aristarchus on Saturday October 25 2014, @07:00AM
Is this only a Windows problem, so that the majority, the vast majority (except Hairyfeet), is immune from such shennanigans? FTDI? We have a blacklist, we could add you to it, if you so desire.
(Score: 2) by maxwell demon on Saturday October 25 2014, @08:19AM
Well, it's a problem that affects every such device which ever was connected to a running Windows system having that driver. Even if now the device is connected to a Linux or Mac computer. Yes, the problem is easy to repair if you know what happened, but the point is, it is no longer operating as intended unless you do corrective measures.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 1) by anubi on Saturday October 25 2014, @08:53AM
Are there any programs out there that will unbrick this?
Even though I have Microsoft Update turned off, its just a software switch, and I have the strong idea Microsoft may ignore it if they want to. They may have this rogue code in my machine right now as far as I can tell.
The only way I can trust a Microsoft box is to get it running, make sure there is no wireless hardware, then pull the RJ45. I am terrified of using this kind of "business class" software for critical design work.
About the last thing I need is my Microsoft box bricking my download cables when I am at the customer site trying to get new code into my embedded boxes.
Stuff like this sure has eroded my trust in Business-Class software.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 1, Troll) by FatPhil on Saturday October 25 2014, @09:15AM
Yes.
Ever heard of things called "search engines"?
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by maxwell demon on Saturday October 25 2014, @09:28AM
I though I had seen something on how to correct the ID on a page linked from the other story, but it turns out I was wrong, and instead it described how to make Linux accept the changed ID.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 1) by axsdenied on Saturday October 25 2014, @09:28AM
Seriously?
It looks like you took the "not reading the original source" a step further by not even read the summary.
I can't believe people make comments based on headings only now.
(Score: 2) by davester666 on Saturday October 25 2014, @07:13AM
Just make their driver fail to work with the chip, or if they wanted to be nice, display an error to the user saying the chip is not a real FTDI chip, so they have to get the driver from the real chip manufacturer.
(Score: 1, Redundant) by maxwell demon on Saturday October 25 2014, @08:26AM
Well, clearly they don't want to be nice. But I agree, having the driver refuse to work with the chip would be a reasonable response. After all, if the driver can distinguish the chip from the original one, the chip obviously behaves differently, so proper operation cannot be guaranteed. Not trying to operate it is therefore a reasonable step.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 0) by anubi on Saturday October 25 2014, @08:32AM
Excellent response.
A lot of people have a lot of money invested in their products and really can't afford a massive deliberately caused failure rate triggered by FTDI. I figured a generic driver will become available which honors all pids, with open source so it could be verified and trusted. Only very trusting people would then load the FTDI drivers, knowing full good and well that its been known to deliberately cause problems.
I was very thankful for the heads up on this, as the little company I am now working for is in the middle of a design which involved either Prolifics or FTDI chips. Upon seeing this story, and seeing Prolific also had used similar tactics, we decided to make the interface plain serial TTL, and use a download cable. Surface mount chips are damned hard to remove and a board made with a bricked chip becomes a brick itself.
FTDI made a move that puts it in the same class of people who have been known to be very destructive of company property in order to vent a grudge. Put simply, we feel we have to watch them like a hawk if they are anywhere around. Sure, they may apologize and try to make it right, but once someone has done this, the trust just isn't there anymore. I no longer trust FTDI, and this only added fuel to the anecdotes of Microsoft's antics and how low Microsoft will stoop to use the trust given to them to enforce another's grudge.
Personally, the fact Microsoft would allow such a thing through their update system speaks volumes about how little Microsoft values the trust of the people who run their software. Far as I am concerned, its like having a hired hand which cannot be trusted around the place.
You oughta seen the meetings that took place this morning in our shop. No one believed it, until we followed the links provided. Then all sorts of sighs and exasperation... it was almost like getting a patent violation lawyer letter in the mail telling us in this great country of free enterprise that we would no longer be allowed to build stuff for our keep, and be required to shut down, and go onto welfare, because someone already called dibs on some little circuit topology we all thought was wide open.
I am very happy to see they pulled it, but I also wonder just how many land mines are now out there... just waiting for some unwary soul to step on.
Someone needs to spend some time in jail for this. Anyone else who personally caused so much grief to so many other people would certainly see a few years for it.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 3, Informative) by axsdenied on Saturday October 25 2014, @09:35AM
That is actually exactly what is happening. The new driver will not work with fake FTDI chips but won't soft-brick them. That detail was omitted from the summary but was mentioned in the original article.
By the way, the latest version of the drivers that work with all devices (fake or not) is 2.10.0.0, released on January 27th 2014.
(Score: 3, Insightful) by tonyPick on Saturday October 25 2014, @08:33AM
fake version of one of FTDI's chips
It's only fake if it's got an FTDI logo printed on it. Otherwise we call it "Compatible", and third parties doing register compatible version of chips is something that's been widely accepted for decades... Anyone remember "Soundblaster Compatible" cards?
(Score: 2) by maxwell demon on Saturday October 25 2014, @08:41AM
On the other hand, if the chips had been truly compatible, the driver would not have been able to tell them apart from the original ones.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by tonyPick on Saturday October 25 2014, @08:57AM
Good point - how about "mostly compatible"? :)
However there's a connotation in a few places that this is the result of some sort of devious underhanded plan to sell fakes on to consumers, when in fact there's nothing remotely wrong or unusual about producing a third party providing a drop in replacement part for an OEM component, from subsystems like graphics and soundcards to 386 clones all the way down to individual chips like 555 timers or 741 opamps. Feel free to throw in car parts as well for a suitable automotive analogy as well.
(Of course if the new driver had simply "not worked" with the third party components, maybe using features the clones didn't implement correctly then that wouldn't have been a problem, but including code to break compatible devices? Bad.)
(Score: 2, Informative) by axsdenied on Saturday October 25 2014, @09:44AM
It is not that simple. The fake chips often:
- look identical, including logos
- do not work properly, crash or lose connection randomly
- are being sold as genuine. Even the suppliers of the chips sometimes can't distinguish between fakes or not and this is a big problem.
- break FTDI's TOS for their drivers which specifically prohibits this.
And "mostly compatible" is not good enough. And I build devices for living and I would never use them. Their manufacturer's should write their own drivers and that would solve the problem.
(Score: 3, Insightful) by tonyPick on Saturday October 25 2014, @10:42AM
If they're duplicating logos and being sold as genuine these are fakes, which is a straightforward copyright problem.
However not all the devices damaged by this driver will be fakes - there's a bunch of devices out there that are drop in replacements and are clearly labelled as such, and work as well as "official" FTDI parts (and in a couple of cases better). The driver can't look at the top of the chip and figure any of this out, it just breaks it, and that's taking out compatible devices alongside the fakes.
And on taking out the fakes:
And I build devices for living and I would never use them.
Even the suppliers of the chips sometimes can't distinguish between fakes or not
So if the supplier (and by extension you) can't tell, and FTDI will randomly deliver updates which break things that you've built or deployed, and you're happy with that? I'm not touching an FTDI chip again for this reason alone.
(Score: 1) by axsdenied on Saturday October 25 2014, @01:07PM
1. It is a copyright problem but how do you enforce it? It was a dick move from FTDI to do what they did.
2. I don't think you understand the problem, this is not comparable to Intel/AMD and the Soundblaster story. All those fake chips are drop-in replacement. Yes, you can swap the chip but drivers is where the problem is.
The other manufacturers are making chips which emulate the FTDI chips (with fake labels or not). However, they are using FTDI drivers which clearly state that they are to be used "only with the genuine FTDI chips". Hence, at least they are breaking the FTDI driver's licensing agreement.
If they can make a "compatible chip", why can't they make a driver as well instead of breaking the licensing agreements. End of story.
3. How can an FTDI compatible chip "in a couple of cases (be) better" than the original if it uses the FTDI drivers and if it is expected to behave identically as the original? Again you are looking at the wrong analogy.
4. The real problem is not FTDI changing drivers but all the fake crap that does not work properly. In the end in consumer's eyes it is our product that does not work or the FTDI's reputation that gets tarnished.
And reputable suppliers will go to great lengths to provide genuine products.
And there are not many alternatives in the commercial world that work and that are proven like the FTDI chips (although some of the FTDI stuff are horrible pieces of junk). Find me one and I may look into it.
(Score: 2) by tonyPick on Saturday October 25 2014, @01:55PM
The other manufacturers are making chips which emulate the FTDI chips (with fake labels or not). However, they are using FTDI drivers which clearly state that they are to be used "only with the genuine FTDI chips". Hence, at least they are breaking the FTDI driver's licensing agreement.
Actually if the FTDI driver just didn't work with the compatible devices that'd be one thing, but they're permanently disabling third party HW that gets plugged into a PC with their drivers - This is a step too far for me. Also as pointed out in a few places, the license notice that they're doing this is *inside* the driver files.
This deserves a longer response than I can do now, but there's a couple of good postings on the microchip board about the problems this would cause: http://www.microchip.com/forums/FindPost/828154, [microchip.com] http://www.microchip.com/forums/FindPost/828129 [microchip.com]
If they can make a "compatible chip", why can't they make a driver as well instead of breaking the licensing agreements. End of story.
They can - then they would have to sign up with Microsoft to get the driver distributed, and if they wanted a unique VID/PID combination they'd probably have to sign up with the USB consortium; it's just way (way) simpler to make something compatible with the existing deployed driver. And we're talking about USB/Serial chip interface here - for all FTDI's claims of massive IP investment, this is trivial stuff.
And on a side note - the whole "Soundblaster compatible" thing (alongside "Hayes Modems" or "VGA Cards") was exactly this case: to allow the clone manufacturers to drop in HW on top of the de-facto standard drivers and software systems that had already been deployed on PC's without having to develop a raft of software themselves.
How can an FTDI compatible chip "in a couple of cases (be) better" than the original if it uses the FTDI drivers and if it is expected to behave identically as the original? Again you are looking at the wrong analogy.
Functionally it's just a USB to RS232 converter - but it may have better supply tolerances, or thermal range or any one of a set of other tolerance or manufacturing improvements; I'll point at this teardown, which is of a fake, but is on a more advanced manufacturing technology than the "official": http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supereal [zeptobars.ru] (it looks to be a Microcontroller with a ROM mask to emulate the FTDI instruction registers)
And again, the problem here isn't if the FTDI drivers work with the clones or not, it's that they're breaking them: See this:
https://www.publicknowledge.org/news-blog/blogs/ip-rights-arent-a-license-to-kill-devices-and-no-fine-print-doesnt-make-it-ok [publicknowledge.org]
So whether or not FTDI has any trademark rights, copyrights, or other rights in whatever the knockoff chips are copying, the actual physical chips themselves are the property of their users, and FTDI doesn’t have the right to break them. A French vintner can’t stroll down the aisles of an American wine store with a hammer, shattering bottles of “California Champagne.” Roving gangs of Nike enforcers can’t rip fake Jordans off the feet of passing kids. And we don’t have Givenchy shock troops marching down Canal Street taking flamethrowers to fake handbags. If your IP rights are being infringed, the proper course of action is to go to court, not take the law into your own hands.
(Score: 2) by tonyPick on Saturday October 25 2014, @03:47PM
My bad here. Sad as I am I followed this up :)
it may have better supply tolerances, or thermal range or any one of a set of other tolerance or manufacturing improvements
Huh. Specifically I was thinking that one of the drop in clone parts I'd seen referenced on the eevblog (the IZ232) had bigger Rx FIFO's than the FT232 when I wrote this, but it turns out the data sheets use a different direction when referring to Tx and Rx. Ooops. Otherwise everything quoted in the data sheets looks identical...
I believe there's also a CoreChips clone, but I haven't seen the data for that... (DS links are available from http://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg535577/#msg535577) [eevblog.com]
(Score: 2) by mojo chan on Sunday October 26 2014, @09:09AM
Most of them do have FTDI logos on them, but not all. I suppose shipping FTDI drivers with them is also copyright violation, technically. Doesn't justify bricking though.
const int one = 65536; (Silvermoon, Texture.cs)
(Score: 2) by FatPhil on Saturday October 25 2014, @10:22AM
It's the real ones that are "cheaply" manufactured, and which are selling for a higher price.
So basically, fuck FTDI, they're the ones ripping you off.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 1) by Gertlex on Saturday October 25 2014, @02:42PM
I got a different vibe from that article, probably due to the way it was portrayed when I saw it on HackADay earlier this year. I'm led to infer that FTDI's chip design and manufacturing setup predate the commercial viability of the "more advanced tech". It sounds like the crafty Chinese reverse-engineers took modular blocks of pre-existing logic and created a mostly functionally equivalent knockoff with modest effort. (Obviously I haven't investigated the timelines that would in/validate these assumptions.)
(Also it seems like FTDI is the one writing drivers, not the Chinese, so that's paid for in part by higher price, perhaps?)
http://hackaday.com/2014/02/19/ft232rl-real-or-fake/ [hackaday.com]
(Score: 2) by emg on Saturday October 25 2014, @05:08PM
So it sounds like these guys could build a better chip that they could sell for less money, and compete against their competitors. But they'd rather create a PR backlash that leads to anyone designing circuits adding them to their 'don't use if there's any viable alternative' list.
(Score: 1) by Gertlex on Saturday October 25 2014, @05:11PM
But what part of the FTDI chip needs to be better? (I have no idea) Perhaps lower power could be obtained, but I have no idea how much power it uses. Really just a prime case of don't fix what isn't broken...
(Score: 2, Informative) by jbruchon on Saturday October 25 2014, @03:53PM
See https://lkml.org/lkml/2014/10/23/129 [lkml.org] and the awesome "fuck you" from the kernel devs at http://marc.info/?l=linux-usb&m=141405129201389&w=2 [marc.info]
I'm just here to listen to the latest song about butts.
(Score: 2) by darkfeline on Saturday October 25 2014, @05:13PM
>This is definitely not targeting end users.
I have no respect for FTDI anymore.
For anyone who's curious, the second link says that Linux devs added support for bricked devices (FTDI VID+0 ID).
Join the SDF Public Access UNIX System today!
(Score: 0) by Anonymous Coward on Saturday October 25 2014, @07:31PM
The patch seems to be a joke/troll (judging from the replies to the thread), and I think it actually bricks genuine FTDI chips :) (read from /* Verify EEPROM is valid */)
(Score: 4, Insightful) by LoRdTAW on Saturday October 25 2014, @05:27PM
All this update did was punish consumers who have no clue as to who FTDI is or what they do. All they know is their hardware stopped working. FTDI needs to find another way to stop the counterfeiters that does not punish consumers.
(Score: 1) by samjam on Monday October 27 2014, @08:28AM
they were probably about to get blacklisted by anti virus and malware removal vendors
(Score: 0) by Anonymous Coward on Saturday October 25 2014, @08:32PM
so the only safe move now is to not use windows update?