10

Apparently, there are some counterfeit USB/Serial FTDI chips on the market.

Searching the web one finds people comparing fake/original ones via opening them mechanically/chemically.

But how to detect fake ones less intrusively?

I mean, the infamous FTDI driver update surely contains a detection routine - otherwise it couldn't flash a zero vendor id on the counterfeit ones.

Perhaps the detection 'algorithm' or similar less intrusive methods are published?

Nick Alexeev
  • 37,739
  • 17
  • 97
  • 230
maxschlepzig
  • 426
  • 5
  • 17
  • 1
    This is an interesting question. Have you asked FTDI, though? For example, they may have a testing service where you ship the IC (or your board) to FTDI, they test it in house and send you a report. If you find out from them, could you post your findings here (provided, of course, that the information is not under an NDA)? – Nick Alexeev Oct 19 '15 at 21:19
  • 1
    @Nick Alexeev: if shopping questions are off-topic... detecting particular fakes probably even more so! – Fizz Oct 19 '15 at 21:20
  • 1
    @RespawnedFluff The O.P. is asking about "algorithm" or "method". Let's see where this thread will go. – Nick Alexeev Oct 19 '15 at 21:24
  • @Nick Alexeev: Let's see indeed, but the method will probably be restricted to a certain IC of one vendor, I suspect. I don't see how this might be different from asking for a valid database of LMxxxx traceability codes or similar. – Fizz Oct 19 '15 at 21:28
  • 1
    Buy from reputable franchised distributors who certify their supply chain, problem solved. But seriously this is just the tip of the iceberg you could be sold bad parts that failed test that really are a manf parts, old revs remarked, damaged returns, or once we even had a fab running a second shift making out parts for themselves... Counterfeiting is a big pita right now. – Some Hardware Guy Oct 19 '15 at 22:58
  • 2
    @RespawnedFluff: I don't see how any way of detecting fake versions of a particular chip would be opinion based or quickly outdated, which are both main reasons for why shopping questions are offtopic. – PlasmaHH Oct 20 '15 at 08:31

2 Answers2

9

The driver has been disassembled http://hackaday.com/2014/10/24/ftdi-screws-up-backs-down/

The detection is in the WriteEEPromValue line below. I can't be bothered to find the text source, so here's the image from that article with the critical code/comment circled

enter image description here

Fizz
  • 14,355
  • 2
  • 43
  • 97
  • 1
    As you can see the method relies on the fake-chip EEPROM accepting/executing short and/or misaligned writes, whereas the real FT chips ignore those. Who knows what the next wave of fakes will do. – Fizz Oct 19 '15 at 21:54
  • Also they tried to get their disable code merged into the Linux kernel driver https://lkml.org/lkml/2014/10/23/129 Guess how that ended... – Fizz Oct 20 '15 at 04:57
  • I'm not actually sure that patch was submitted by someone working at FTDI... because the next message says something about "performance art" :D – Fizz Oct 20 '15 at 05:04
  • Finally, you can use the latest (post July 2015) drivers. These refuse to talk to fake chips without killing them apparently. http://electropit.com/index.php/2015/09/06/arduino-nano-v3-0-clones/ The exact method used to achieve this has not yet been reverse engineered, as far as I can tell. But it's not hard to imagine modifying the above code to write to some non-critical location (and then checking what that contains). – Fizz Oct 20 '15 at 05:34
2

The problem is that if a simple method of detecting fakes becomes widely known the fakers will try and fix their fakes to be immune to it.

So the question is what tests are possible that fakers will find it very difficult to immunise against. I suspect precise timing measurements are the answer, IIRC FTDI's chips are hardware based, so they should have very stable and predictable timing that would be very difficult to precisely clone in a microcontroller based fake.

Peter Green
  • 21,158
  • 1
  • 38
  • 76
  • Also, at what point is a clone a perfect copy? What if there are no more black box tests you can do? – crasic Oct 20 '15 at 06:02
  • No, timing measurements probably aren't the answer, as the device sits on the far side of a USB bus which imposes its own timing, and most work a staggering variety of hosts with their own delays and inefficiencies. – Chris Stratton Nov 29 '15 at 19:54
  • Sure, said timing measurements would have to be taken in a test setup with a tightly controlled host (most likely a FPGA of some sort). Building a setup for accurately measuring the timing behaviour of a USB device wouldn't be cheap or easy but I would expect it to be very effective at weeding out clones. – Peter Green Nov 29 '15 at 23:17