Beware Of Counterfeit FTDI FT232RL parts
Andrew E Mileski
Posts: 77
I recently became aware of "FTDI-gate", the intentional soft-bricking of counterfeit FT232RL parts by FTDI drivers distributed via Windows Update and the FTDI website (both sources now withdrawn).
Luckily, none of my E-Bay purchased parts seem to be affected, i.e they are either genuine parts or really good fakes. My Parallax boards are also okay, but I expected that.
After some digging (the information is not readily available) I found how to test my cables, as well as E-Bay purchased parts.
There is a Linux Python script available (requires "pyusb" package to be installed):
https://marcan.st/transf/ftdi_clone_tool.py
Fake detection / bricking is based upon the EEPROM's write behaviour:
An attempt is made to overwrite the USB Product ID (0x6001) with 0x0000.
"On a real FT232RL, EEPROM writes are 32 bits and only take effect when writing odd [16 bit] addresses (addr-1, addr are updated). So, on a real device, this does nothing. On counterfeit FT232RL devices, the write does take effect."
The Windows driver bricking is soft, not hard, and can be reversed (but not easily under Windows). Apparently the Linux FTDI driver has been patched to still recognize these soft-bricked parts using other means.
There are claims that even Microsoft is not happy with FTDI for using the Windows Update service to distribute the bricking driver worldwide, as well as into jurisdictions where such actions may not be legal.
There are also claims that some manufacturers have switched to parts from competitors, as they can't trust FTDI to not do something like this again, nor can supply chains guarantee genuine parts with multiple part sources / brokers involved in the chains. Obtaining parts direct from FTDI isn't always practical, especially for large volume purchasers, and FTDI can be temporarily out of stock.
FTDI staunchly reserves the right to protect their IP, and have changed the license on their driver to warn against the use with non-genuine parts, and to avoid any liability.
Luckily, none of my E-Bay purchased parts seem to be affected, i.e they are either genuine parts or really good fakes. My Parallax boards are also okay, but I expected that.
After some digging (the information is not readily available) I found how to test my cables, as well as E-Bay purchased parts.
There is a Linux Python script available (requires "pyusb" package to be installed):
https://marcan.st/transf/ftdi_clone_tool.py
Fake detection / bricking is based upon the EEPROM's write behaviour:
An attempt is made to overwrite the USB Product ID (0x6001) with 0x0000.
"On a real FT232RL, EEPROM writes are 32 bits and only take effect when writing odd [16 bit] addresses (addr-1, addr are updated). So, on a real device, this does nothing. On counterfeit FT232RL devices, the write does take effect."
The Windows driver bricking is soft, not hard, and can be reversed (but not easily under Windows). Apparently the Linux FTDI driver has been patched to still recognize these soft-bricked parts using other means.
There are claims that even Microsoft is not happy with FTDI for using the Windows Update service to distribute the bricking driver worldwide, as well as into jurisdictions where such actions may not be legal.
There are also claims that some manufacturers have switched to parts from competitors, as they can't trust FTDI to not do something like this again, nor can supply chains guarantee genuine parts with multiple part sources / brokers involved in the chains. Obtaining parts direct from FTDI isn't always practical, especially for large volume purchasers, and FTDI can be temporarily out of stock.
FTDI staunchly reserves the right to protect their IP, and have changed the license on their driver to warn against the use with non-genuine parts, and to avoid any liability.
Comments
However, such after-the-fact spin, does not mean much in court with a motivated complainant.
Imagine FTDI's Lawyers face when news of this broke :
"You did WHAT ? - and no one thought to ask me ? "
I'm sure that is quietly left off any departing engineers CV too....
The good news is USB alternatives keep getting cheaper.
SiLabs now have little USB-MCUs for not much over 50c, (3mm x 3mm) that can work with SiLabs USB drivers, with the added feature of user defined software.
In a Prop case, that means include of RST monostable is possible, saving parts, and even a separate terminal-Serial channel or a direct SPI programming channel for P2....
Their incessant whining and twisted amoral logic was quite amusing, though at the same time creepy. Since it showed they had a complete lack of ethics and a massive entitlement attitude as well.
And if some business was greedy and stupid enough to use the knock-offs they deserved whatever misery they got.
Yup, quite agreed, provided they did that knowingly.
It is the blind collateral damage aspect of this action, that is doing the real damage to FTDI.
IMO, the objections to FTDI's actions were well stated in the other thread on the topic.
I hope people don't spend much time repeating arguments previously made in the other thread.
Claims by who?
Claims also by who?
Though I don't manufacture much, I claim to go out of my way to avoid FTDI products. Dave of EEVBlogs has also made this claim.
(This is in reply to the second question.)
BTW, Didn't we do this (debate FTDI's actions) already?
http://forums.parallax.com/showthread.php/157888-Windows-update-from-FTDI-killing-clone-chips.
http://forums.parallax.com/showthread.php/157893-FTDI-s-driver-issues-with-fake-chips-and-Parallax
Can't I merely ask for clarification of what would seem to be totally unsubstantiated rumors regarding Microsoft and "manufacturers"? It has been several weeks since this story first broke. While I do bristle at the use of hyperbole, such as that used by "rod", if there are hard links to evidence of these claims then I want to read them and make up my own mind.
Let me clarify that I do not deny that FTDI did what they did. My interest in manufactures dropping FTDI stems from concerns over impact to supply. Therefore FTDI losing sales of less than 100 units are of no concern to me.
Of course you can ask. I know the question wasn't directed to me but since it's a public forum I chimed in anyway.
I think what bugs me the most about the FTDI driver issue is it's often in the back of my mind when something with a project doesn't work. I think "is there some way a fake FTDI chip got in the supply line of the product I'm using?" I wonder if there is a counterfeit chip,if the device had been disabled by the driver at some time in the past. It's just one more thing to worry about then trouble shooting.
I doubt many manufactures would redesign their products so they don't use FTDI chips but I do think there's a significant number of developers who will now look for FTDI alternatives who wouldn't have done so if the device disabling driver hadn't ever been released. I only have anecdotal data to back up a "significant number" and I also would be interested in knowing the source of the claims manufacturers are switching to competitors.
I do recall reading an article on Hackaday stating MicroSoft was not happy about FTDI's actions.
I do understand your desire for clarification, I used it as an opportunity to express my continuing anger toward FTDI.
Do you really imagine Microsoft did not care ?
Their lawyers would have had a blue-fit at the risk exposure this represents - litigants chase the deepest pockets.
Microsoft moved very swiftly for a big corporation on this.
Google finds this, easily enough : - Terse enough for you ?
[:Microsoft has given us a statement :
Yesterday FTDI removed two driver versions from Windows Update. Our engineering team is engaging with FTDI to prevent these problems with their future driver updates via Windows Update.:]
This was not a good idea. Too say the least.
Did we not discuss this to death already ?