A New Level of Chinese Counterfeit Chips - FT232RL

    I think everyone has at least once come across cheap Chinese fakes that look very much like the originals. At first these were “Abibasses” and “Knockles”; now they are iPhones and microchips. However, whereas chip counterfeiting used to be limited either to incorrect marking (an ordinary cheap chip marked as an expensive one) or to a package with no die inside (at best there is nothing there; at worst all the pins are shorted together), now everything has become more interesting.

    Recently exp131 and X4ZiM noticed that some batches of the popular USB-RS232 interface chip are suspiciously buggy in exactly the same way: the system identifies them as ordinary FT232RL, the official software “recognizes” them, but the data sent is not transmitted. Of course, we are all used to the idea that the first thing to do is look for a mistake ... But what if the problem is in the chip itself?

    Photos of the chips: the one on the left works fine, the one on the right is buggy. You can notice the difference in the marking: on the working chip it is laser-engraved, on the non-working one it is printed (however, this is not a universal rule; the reverse also happens). First we look at the photos; the conclusions are at the end.

    Original FT232RL

    After metallization etching:

    You can look in more detail at the individual elements, rows of standard cells from which the logic is auto-synthesized:

    ROM:

    Static memory:

    Chinese clone FT232RL

    And the chip is completely different! You can immediately notice that there are many more contact pads than necessary. On the edge you can see the inscription “SR1107 2011-12 SUPEREAL”.

    After metallization etching:

    Separate parts, standard cells again:

    In another part of the chip, the standard cells are significantly different. You do not see this often: the chip was assembled from large "pieces" that were available only as layout:

    The first type of static memory:

    The second type of static memory:

    And finally, ROM. It was programmed at the polysilicon level during production of the chip, so we can see the recorded data directly:


    The Chinese in this case did not just make a “fake”: they took a ready-made mask-programmable microcontroller (so only one mask needs to be changed, which is much cheaper and explains the extra pads on the die) and ordered a batch of these chips from the factory. But apparently a mistake was made somewhere, and the chip, although it was identified as genuine, did not work as it should. This did not bother anyone, and these chips began to be sold as real FT232RL. However, it is also possible that the ROM was simply not large enough for full-fledged emulation.

    Update: The resulting clone worked fine until FTDI released a driver update that was able to distinguish the original from the clone over USB (with newer drivers the clone transfers only zeros). If you install driver version 2.08.14 or earlier now, the clone works as well. It is almost impossible to foresee every possible future check without completely reproducing the original circuitry, and this is what saved FTDI.
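    An incoming-inspection loopback check for the symptoms described above, written as an added example and not code from the original article or from FTDI. It assumes the adapter's TX pin is wired to RX and that the port object offers `write(bytes)` and `read(n)`; `FakePort` and its behaviours are constructed stand-ins so the block runs without hardware.

```python
import os

def make_pattern(length=64):
    """Random test pattern without 0x00 bytes, so an all-zero echo is unambiguous."""
    return bytes((b % 255) + 1 for b in os.urandom(length))

def classify_loopback(port, pattern=None, max_reads=8):
    """Send a pattern through an adapter whose TX pin is wired to RX; classify the echo.

    `port` is any object with write(bytes) and read(n) -> bytes, where read may
    return fewer bytes, or b"" on timeout (assumed interface, e.g. pyserial's Serial).
    """
    pattern = pattern or make_pattern()
    port.write(pattern)
    received = b""
    for _ in range(max_reads):                  # tolerate short reads
        chunk = port.read(len(pattern) - len(received))
        if not chunk:                           # timeout: nothing more is coming
            break
        received += chunk
        if len(received) == len(pattern):
            break
    if received == pattern:
        return "ok"
    if not received:
        return "no-data"                        # "the data sent is not transmitted"
    if not any(received):
        return "all-zeros"                      # symptom described for clones on newer drivers
    return "corrupt"

class FakePort:
    """Constructed stand-in for a serial port; `behave` models what the adapter returns."""
    def __init__(self, behave, chunk=16):
        self.behave, self.chunk, self.buf = behave, chunk, b""
    def write(self, data):
        self.buf += self.behave(data)
        return len(data)
    def read(self, n):
        n = min(n, self.chunk)
        out, self.buf = self.buf[:n], self.buf[n:]
        return out

if __name__ == "__main__":
    # Constructed adapter behaviours, not captures from real hardware.
    for name, behave in [("working", lambda d: d), ("zeros", lambda d: bytes(len(d))),
                         ("silent", lambda d: b""), ("truncated", lambda d: d[:10])]:
        print(name, "->", classify_loopback(FakePort(behave)))
```

    An "ok" result does not prove the chip is genuine: as noted above, the clone also works with driver version 2.08.14 or earlier.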

    What is the economic sense of making a software “copy” of a well-known chip rather than releasing it under one's own name? No USB VID has to be purchased and there are no advertising costs. The copy will be used in numerous high-volume products. With a new chip, end products would have to be developed from scratch, and sales growth would begin only after 2-3 years. The production cost is 10-15 cents for both the original and the Chinese version. The manufacturer could also lower the price but does not; they earn their well-deserved profits.

    Hence the moral: as time goes on, you need to choose chip suppliers more and more carefully; cheap chips from unknown Chinese suppliers can backfire and guarantee long hours of exciting debugging.
