Friday, 26 February 2016

FTDI Gate - the aftermath!

Some of you are like me: I love a good F*&k-up story! Case in point: VW Diesel-gate.

When established companies drop the ball and do it big time, there's this sudden interest of who, what, why and when. There's no sense of gloating with me (unless there's and axe to grind), but it just interests me the thought process one or a group of individuals took before they realised: "Shit! Maybe this was a bad idea!"

So when I first heard about FTDI gate I took a major interest in the debacle!

Who are FDTI?

If your asking yourself this question, then I'll explain.

FTDI is a small company in Scotland developed by CEO Fred Dart. Before it was FTDI, it started out as one-man consultancy, making hardware for PC mother boards in mid 90's when the PC boom was in swing. After a while Fred decided to go into silicone design and started churning out IC's for customers.

After finding his feet it seems, he then went on to design his own brand of IC and FDTI was born. When the USB standard came along, they found their niche and went for it (albeit after a shaky start).


Since then they have dominated the market with their range of USB based products and have become one of the #1 USB peripheral interface/driver of choice. Their offices are now around the world employing about 400 people..from an original number of 5!

I've used their products making a few test rigs and programming aids - they are the mutt's nuts! if you are using a USB mouse or keyboard right now, chance are high it has an FTDI interface in it.

OK so what happened?

Well the problem with branded products that do well, to the point that even generic branded products get called "FTDI...USB" is that they suffered from counterfeiting!

In October of 2014, Hackaday reported a USB driver update that FTDI released, that came with an important windows update, was found to be bricking peoples "FDTI" based devices without any notification. They just stopped working

It then transpired that FDTI was responsible...and there was a shit-storm!


FTDI admitted that they had released this drivers function intentionally!

The short version of how it did this was the driver somehow queried the device for its credentials and if they were incorrect,  it set the devices internal PID number to "00" which essentially made it a null device.

Its like changing your house number to: 0, The High Street, unknown town, unknown county! You could go to that address and see it, but you probably would be able to send mail there! 

People in the middle of important projects could now no longer do their work, people who'd used their chips in products were inundated with complaints from customers.

Literally thousands and thousands of people who had up until now had happily been using there USB interface devices, now had a piece of ceramic and silicone where the once working USB interface chip had been. They were now as much use and a pebble on a beach!

Even swapping it to another computer did nothing, the device was well and truly FUBAR'd.

However some people reported that this was not happening to their device...so what was up?

So why'd they do it?

Well it has to do with the counterfeit IC market.

Some of you (the uninitiated) will scoff at this:

Nobody in their right mind would bother to counterfeit IC's!"

Well it's not like going down to Costco, bagging a load of white T-Shirts and getting your mother to iron Nike transfers on them, then bunging them on ebay ...well maybe it is, but its a bit more clever than that!

Tricks and traps!

They can come in different guises:

Failures from a batch of IC's from a reputable manufacturer can be resold under false advertising. Hard to identify, though I believe they wouldn't have a date code on them?

Low end versions of a device similar to what a high end manufacturer would sell get snapped up, the tops scrubbed off them and branded information laser over it or if in a plastic package: the package is removed chemically or thermally and a  plastic outer layer is reformed and branded data printed on the casing . Usually identified by uneven lettering and remaining flash from the injection process. Though now its getting hard to identify!


Recycled - devices may have already been through the mill! usually can be identified by solder that remains on the pins


Complete professional hack-job: a sub-standard design is developed and made in poor quality manufacturing conditions and they just brand the package with a popular brand. Nike-transfers-on-cheap-t-shirt method!
Could you tell?


And the down right dastardly! SOLID COPPER DIE! I kid you not, I have read an article I now am unable to find where a small batch of IC's were delivered fitted, shorted out the boards, the plastic casing removed to reveal a solid copper block with all pins connected to it!

FTDI's CEO stated in an interview with Lada Ada that a customer complained that there FTDI chips were not working to specifications outlined in their datasheet and wanted to verify with FTDI.

So FTDI tested them and low an behold they did not achieve par and after sending the chips off to be de-capped (basically filing the top off!) found that the physical architecture of this batch was not theirs, along with device ID's not matching batch records and the big give away: made in China on the bottom!
A close up of decapped IC with the exposed die.
The secondary issue was that these counterfeiters illegally using FDTI's drivers essentially tricking the driver software into thinking that it was talking to the genuine article!

As such FTDI decided to act to stop these chips from being used and force the counterfeiters to stop reproducing this sub-standard version of their chip. They did some clever (and secret) jiggery-pokery and interrogate the device. If the answers are incorrect then you WILL BE SHOT...no wait..sorry...BRICKED!

Then what?

Well I already explained that a shit storm kicked off! I mean, just look at the comments on the original hackaday article. People were livid that FTDI, company that they felt they could trust, were literally taking their tools by proxy! Basically: borderline theft!

But the people fought back! Not even 2 days after, those clever subscribers to Dave Almighty's EEVBlog forums and figured out how FTDI had bricked the chips!

This then lead to the next logical step of how to get round it!

Back to square one for FTDI then...and now with less support from its customer base than before.

Sheepishly: FTDI backed down, stating that they had got Microsoft to removed their drivers from the windows updates and that their "intentions were honourable".

Then there was nothing for a good year and a bit, until Feburary of this year Hackaday reported that FTDI were back at it, only this time they chip was not bricked as such- more identified as a non-genuine chip. The device can still be used on linux based systems or by turning windows updates off, but at least it didn't brick the device completely - some mild disguntlement from some people.


so now your up to speed!

My 2 peneth

I'll admit now, When I heard about FTDI gate MK1I was livid!

A company I thought was one of the good guys had single handed managed to damage my faith in them by them forcefully removing peoples tools (and thats essentially what they are) from them and these people probably had no idea that they were in the wrong and were most likely totally innocent.

"All they did was buy what they thought was the genuine article at a cheap price and most likely had no idea that it was knock-off. Heck even honourable suppliers probably thought the same!"

After I read Lady Ada's interview with Fred Dart and recalled my words and feelings from the original scandal, it suddenly dawned on me:

WE AS ENGINEERS, HOBBYISTS, & TINKERS ARE THE REASON THIS SCANDAL EXISTS

Right has that sunk in? Still pissed off at me for saying that? OK but before you go down to the comments to unload a tirade of bile my way, let me explain something and I'll start with 3 letters and 4 numbers:

ISO9000 "is a series of principles of management that a company must adhere to to meet the needs of customers and stakeholders whilst meeting statutory and regulatory requirements related to a product."

"SO!?"

So these principles are there to ensure that the source of these parts adhere such requirements including a standard of working environment and management.

Companies such as Farnell, RS, Rapid to name a few are ISO9000 or 9001 certified and as such will only deal with manufacturers who are likewise certified.

Lets paint a picture: Farnell decides to buy a batch of plastic brackets from India without going out there and seeing the factory for themselves. They place an order for 10,000 units. After 2,000 units sold, it turns out from a news report that that factory had substandard working conditions, multiple counts of health and safety violations, children under 10 years old working 16 hour days instead of being in school and using recycled plastic bottles to make the brackets using old machinery that should have been scrapped years ago!

Their shares plummet, Farnell file for bankruptcy, and yes would probably mean good parts going cheap, but in the long run: not good for Farnell, its shareholders and more importantly its employees!

"Your point being?!"

The point is that we as electronics people always want the cheapest we can get! 

I mean why pay £15 for it off RS when you can get it for £6 off ebay on slow boat from China, right?

But do we know who exactly we're buying off? As far a I can see on sites like Ebay, Amazon and other market sites - sellers don't have to be ISO9000 certified, why would they need to be right? 

Of course, you don't go down the veg market, ask the guy yelling "PAND A PUNNET!": "Excuse me chief? Are you ISO9000 certified?"

One: he'd tell you to buy a punnet or bugger off, and two: he's a one man show, and probably his kid and wife. No management system, nobody he pays wages to!

With market sites, you just fill your boots with cheap kit, not giving a second thought to where the seller has sourced it, who's made it, where they source their components from (counterfeiters)? Are the people making it getting a fair wage and  safe working environment? Are those employees of legal working age? is the company supplying those components paying their tax bill? Cos lets face it there are some unscrupulous bosses out there who will cut any corner to make a profit fast!
So my point is with regards to the FTDI issue is they have exposed how tight fisted we are! yes they went about it a bit ham-fistedly, maybe a different approach should have been taken.

But this is someone's company they built up from a one man band to a 400 man company supplying IC's to some well known manufacturers! And also what would you do if you caught someone using and selling something of yours they'd not asked to use? You'd take it off them!

You like a companies product, buy through a reputable supplier and buy a the price they're asking! Still too steep? Try a different well known supplier, they might have ordered a bigger bulk and have it on offer!

So your so-called FTDI UART cable now doesn't work cos FDTI knacked your drivers. Your Shitty Arduino knock off Amazon that took 3 weeks to arrive now won't connect cos, yep, FTDI bricked the interface chip!

So for all those kicking off at FTDI, Bear this in mind: you got it off Ebay for a song! What did you expect?!

I'm not saying all ebay and amazon sales are bad, hell I've got some stuff coming from ebay, but I know for a fact they aren't branded at all and I didn't cough up a lot, so if it falls over or goes pop: meh! I won't go shouting my head off at Linear Technologies anytime soon when my buck convert falls over!

But you really have to ask yourself - why so cheap?

1 comment:


  1. Thank you for sharing such great information.car engine repairIt is informative, can you help me in finding out more detail on car air conditioning service,i am interested and would like to know more about this field and wanted to understand the basics of car ac repair.

    ReplyDelete