(tr)uSDX unauthorised product and countermeasures

It has been interesting to observe takeup of the (tr)uSDX project.

The project is released under a quite restrictive licence.

Whilst the developers do not make or sell hardware, they exercise control over the hardware and offer hardware manufacturers an opportunity to have their implementation “approved” or “authorised”.

It is not surprising that a number of implementations have appeared that the IP owner regards as infringing his licence, inevitable really as Chinese copyists have little regard for intellectual property.

Who’da thought that “unauthorised” products would appear?

One of the developers posted those rigs will be banned from Firmware updates, so don’t buy that.

My correspondent asked how can he do that?

If the firmware can detect something different about the hardware, it can be written to not run on that hardware. That would mean detecting something different, but there might not be something detectably different.

Something that does vary from chip to chip with genuine AtMega328P is the internal unique digital ID, so that could be used… but building firmware that has a large list of authorised ID numbers or even prefixes is not practical.

Chinese copyists possibly provide a simple solution in that many (possibly all) of the fake AtMega328P seem to use a single ID, it it is not unique to each chip. So if the “unauthorised” copy uses a fake 328P, then blocking one ID might be a measure the developer had in mind when he wrote the quote above.

Sounds like a plan!

Well, a really bad plan that will excommunicate users of any kits that contain those fake chips, and people have been buying them on eBay and Aliexpress for replacements or whole builds when they started with a bunch of components rather than an “approved” kit. People have reported that fake chips seem to work properly in the current firmware.

A consequence of the fact that the project is not open source is that individuals or community cannot undertake fixes or improvements to the project code independently of the developer, and if the developer releases firmware that is not backwards compatible with existing components or hardware that the user unwittingly purchased without knowing it might be blocked, the user may be stuck with the last version that did run on their hardware.

It is an interesting twist in the life of a quite controlled product.

Look back at FTDI’s experience when they started bricking fake FTDI chips. They reversed the measure perhaps pressured by Microsoft (the bricking was shipped in Windows Update) but not before it has spoiled a lot of hardware. Smart consumers, especially those who unwittingly bought systems with embedded fake chips, may properly regard FTDI as not trustworthy, and being more informed by the process, choose hardware that uses some other type chip.

Prolific also released Windows drivers that will not work with earlier versions of genuine hardware which by accounts were widely cloned.