FTDI: The Clone Wars

I saw an article on Hackaday that talked about an FTDI driver update on windows that purposefully set the PID of the device to 0 on fake or 'cloned' FTDI chips. I've also seen a bit of confusion on this topic, so I'd like to clarify a few points.

First, what is FTDI? Basically, this company makes products that allow micro-controllers to communicate to a USB host, like your computer. The make both drivers, hardware, and most importantly here, chips.

1) Many people aren't aware if they even have a fake

One of the first arguments that I saw was in regards to how users should be punished for using a fake chip. Most of the people using these products are using end products, or products that are made using these chips. It's much easier for someone to include an FTDI chip with their device than to go through all of the trouble and cost of getting their own Vendor and Product ID. So, some devices have these chips in them without their users ever really knowing. This means that if the vendor accidentally or intentionally used a fake chip, then some end consumer could have a device break and have absolutely no idea why. It would literally just stop connecting to the computer.

2) This isn't a user mistake

The second most common argument that I'm seeing is asking why on earth any user would expect FTDI firmware to work on a non-FTDI chip. One person compared it to trying to sue Sony when your Sony TV knockoff stopped working. A user didn't re-flash their chip and mess up by getting the wrong firmware version, or putting it on a device it was never intended to. In fact, what updated silently and without warning was the FTDI driver on the host side. The FTDI driver itself checked if the chip connected to it was fake, and if so, it rendered it useless by changing the Product ID to 0.


3) This was intentional

Many people don't seem to understand how this could be intentional. One commenter on the Hackaday article asked how they could be expected to support all of the clones. It's not that they tried a new feature that only worked on the real ones but not the clones. The essentially initiated a challenge response protocol. The gave the chip some data or some set of data. The official ones would return one thing, the fakes another. After the fakes were identified, they were dealt with with extreme prejudice.

How does it work?

The FTDI device essentially makes a serial port through its driver. A USB device has several layers to go through. The first of which is a device descriptor. The descriptor has a lot of information on how to go through the layers, but most importantly, it has a vendor and product ID. The vendor ID is unique to the vendor, and the product id is unique to the particular product or chip. This attack sets the product id to 0 which makes windows fail to acknowledge its existence. A product or vendor id of 0 is considered invalid, so it will no longer be recognized by the computer much less the drivers.


I hope I've cleared up a little bit regarding this issue. My opinion is that it might have been better to give a small alert to users letting them know that their chips are fake. I don't think it was within their rights to destroy peoples' products, mostly because they were not aware they were using a fake chip. However, even if they did know they were using a fake, I still don't think that they should have morally done that. As far as market share goes, it might be a good decision, it might not be. The answer to that will lie in whether people keep buying their products after this.

Comments

Post a Comment

Popular posts from this blog

New paint job and other "minor fixes"

I've always found it interesting how the human brain worked. Recently, I've been playing with  Tailwind CSS  and reading the  Refactoring UI book . One of my longer term projects has been working on BotQueue v2, with all of the fun issues and delays with that. At some point, I realized that I would have to make the site look semi-professional. So I decided to learn how to do some UI stuff which is where that UI book comes in. The same author is also behind Tailwind CSS which is a really nifty utility first CSS framework that I would recommend checking out. What I didn't expect is how doing even a little effort in making the design look good would help my motivation to work on it. I've been focusing on removing blockers recently, and it's fascinating what I find is a blocker. I didn't really expect a little bit of "paint" to go a long way in me working on it. I no longer had the "it's functional, but it's going to suck to make it pretty l
Read more

What it's like working in tech with ADHD

Whoa, it's been almost 3 years since I last update this blog? Geez, what's happened in the interim? Well... A lot. I'm currently coming up on two years as a software developer for Uber, and what a crazy couple of years it's been. I'm not sure why I haven't written in a while. This blog was always designed to describe my adventure, navigating from job to job and what I learned or sharing some perspective that might help others. Today I'm going to share a personal perspective on what it's like working in tech with ADHD (if you couldn't tell from the title). Alright, so first things first, let's define some context. This is as much for you reading this as it is for me writing it. What is ADHD? ADHD stands for Attention Deficit Hyperactivity Disorder. Okay, so that's not very useful is it. I mean there's this ADD thing which is everything minus the hyperactivity. Okay, perfect, that explains it! I have a deficit of attention.... and it
Read more

BotQueue client updates!

It's been only a couple of months since the last software release, but it feels like it has been far too long. Instead of releasing 0.6, I'm releasing 0.5.1 today. There are two reasons for this, which I'll get to in a minute. But first, features! Makerbot support Or at least, mostly Makerbot support. It supports all of the printers that speak s3g/x3g, so no 5th generation (yet). There is also way to slice things. I have a solution for that, it's just somewhat difficult to work with closed source software. For now, you can upload your *3g files and it will run them just fine. It also allows you to upload .makerbot files, but those aren't supported yet. Automatic updates This is something I've wanted to do for a long time, and is the first reason why this only jumped up to 0.5.1. I released version 0.5.0, and in the very next commit, released 0.5.1. This was to test the auto update feature. Every 2 minutes, if your bots are either in idle, error, or offli
Read more