There are two ways you could interpret "counterfeit".
1. Fake IC (identifies as FTDI 232 IC), fake cable (FTDI logo on it)
2. Real IC, fake cable (eg, I buy the FTDI IC and make the cable, and sell it as an "official" FTDI cable).
(1) is I assume what they mean in this instance., but you could argue (2) is also possible. However, they make no mention of the packaging both calling them "FTDI" cables. Instead, I assume they're going off what they report to the OS as.
FTDI have been around for decades, and the offhand "old cable we had kicking around" could easily mean its 15+ years old. That might easily explain the chip size difference. In this case, FTDI did make TSSOP 28-pin chips for a long time. They're now obsolete, superseded by SSOP package variants (like in the "Real" picture). Put another way, this is like comparing an i5-10400 to a Pentium II that I found in my storage closet and declaring the Pentium II fake.
The actual fake chips visually look identical to the real ones. Obviously, otherwise they wouldn't get mixed into the supply chain.
The only real conclusion they can realistically make from these x-rays are that they're not the same cable (but even then, I don't know if FTDI real cables have silently upgraded the internals while retaining the same SKU).
But the fact that most comms cables, these days, have integrated chips, makes for a dangerous trust landscape. That’s something that we’ve known for quite some time.
BTW: I “got it right,” but not because of the checklist. I just knew that a single chip is likely a lot cheaper than a board with many components, and most counterfeits are about selling cheap shit, for premium prices.
But if it were a spy cable, it would probably look almost identical (and likely would have a considerably higher BOM).
Adam Savage's Tested : Look Inside Apple's $130 USB-C Cable - https://www.youtube.com/watch?v=AD5aAd8Oy84 (1 minute in "we've been saying that our phones have more computing power than the Apollo guidance computer but I'm positive now that this cable has more computing power than the Apollo guidance computer")
That video is a look at cables (not just Apple's) with Lumafield's CT Scan.
It's a good watch, and I learned some new stuff about some things that I only knew a little bit about before.
I assumed the "suspicious" cable was a spy cable, and then guessed that the bigger integrated circuit was probably responsible for doing secret spy stuff, while the smaller circuit up top was all that was needed for ordinary cable work. Turns out the cables do basically the same thing (no fancy spying!), and one is just cheaper.
I want to make a persistent implant/malware that survives OS reinstalls. You can also disable Intel (CS)ME and potentially use Coreboot as well, but I don’t want to deal with porting Coreboot to a new platform. I’m more interested in demonstrating how important hardware root of trust is.
I want to make a persistent implant/malware that survives OS reinstalls.
Look up Absolute Computrace Persistence. It's there by default in a lot of BIOS images, but won't survive a BIOS reflash with an image that has the module stripped out (unless you have the "security" of Boot Guard, which will effectively make this malware mandatory!)
I’m more interested in demonstrating how important hardware root of trust is.
You mean more interested in toeing the line of corporate authoritarianism.
As a power user, do I want boot guard on my personal PC? Honestly, no. And we’re in luck because a huge amount of consumer motherboards have a Boot Guard profile so insecure it’s basically disabled. But do I want our laptops at work to have it, or the server I have at a colocation facility to have it? Yes I do. Because I don’t want my server to have a bootkit installed by someone with an SPI flasher. I don’t want my HR rep getting hidden, persistent malware because they ran an exe disguised as a pdf. It’s valuable in some contexts.
certificate companies sell trust, not certificates.
That’s not what I got from their post. After all, they’re putting in some effort to hardware backdoor their motherboard, physically removing BootGuard. I read it as “if your hardware is rooted then your software is, no matter what you do.”
Try attacking NIC, server BMC or SSD firmware. You will achieve your goal without any hardware replacement needed.
You want to look into something called "Windows Platform Binary Table" [1]. Figure out a way to reflash the BIOS or the UEFI firmware for your target device ad-hoc and there you have your implant.
Is this how various motherboard manufacturers are embedding their system control software? I was helping a family friend with some computer issues and we could not figure out where the `armoury-crate` (asus software for controlling RGB leds on motherboard :() program kept coming from
"The O.MG Cable is a hand made USB cable with an advanced implant hidden inside. It is designed to allow your Red Team to emulate attack scenarios of sophisticated adversaries"
"Easy WiFi Control" (!!!!!)
"SOC2 certification"? Dawg, the call is coming from inside the house...
Helps corporate red teams in environments where the purchase department is... a bunch of loons.
I'm not too keen these days with FTDI's reputation for manipulating their Windows device drivers to brick clones. So, while I'm familiar with their IC, I don't give them any more money. The next time I need a USB to serial cable, I'll bust out KiCad to build it using one of the ubiquitous ARM microcontrollers with USB features built in. Of course, this is easier for me, since I can write my own Linux or BSD device driver as well. Those using OSes with signing restrictions on drivers would have a harder time, unless they chose to disable driver signing.
I think it's just some generic microcontroller emulating FTDI's protocol in software, but it can't keep up with high-speed transfers of course, and that's how they noticed there was a problem.
USB-serial adapters are not particularly special. Dozens of other manufacturers make them.
If I buy a FTDI based adapter, it might brick, and I lack the detection skill or supply chain control to be sure that it won't happen.
If I buy a CH340 or PLwhatever based adapter, that doesn't enter the calculus.
Unless I had some explicit "only FTDI can possibly do it" need, I'm going elsewhere.
Why allow for newer processes on the counterfeit? They'd implement it using the least expensive, most mass produced chips possible, which are more likely to be cut from wafers hitting the sweet spot of size / feature and price crossover.
which is definitely the second
It's sufficient to look at something as basic as the arrangement of cables on the left. The crooked electrical elements on the right are also a big tell.
This works because good—and bad—qualities correlate with each other.
I remember years ago I had similar issue, I got one of those FTDI USB cable to interfere with a drone payload, and it was simpler to just plug in the USB cable into the jetson rather than having a small exposed circuit around, but I ended up having performance issues and interruptions that eventually I replaced it with traditional FTDI exposed circuit, I still have the cable till now but I don’t have the X ray machine to check!
they could be regulated to expose their chip with transparent covering rather than plain dark wiring