>>> 2023-10-09 prolific counterfeiting (PDF)
I'm working on a side project right now, one of several, which involves telematics devices (essentially GPS trackers with i/o) from a fairly reputable Chinese manufacturer. The device is endlessly configurable and so, like you see with a lot of radios, it has a UART for programming. The manufacturer provided a cable for this purpose, and when I plug it into my laptop running Windows, it appears in the device manager as "DOES NOT SUPPORT WINDOWS 11." What a world.
This is one of those things that I bump into perhaps once a month working on various odds and ends, especially radios. It's the collateral damage of the serial adapter wars.
Counterfeiting is an interesting aspect of the contemporary hardware industry, particularly for programmable microcontrollers sold for higher-level applications. My first exposure to this strange world was probably the ELM327. A company called ELM Electronics developed the ELM327, basically a PIC microcontroller with software they wrote. It provides a serial interface and command set for interacting with OBD-II diagnostic ports. The ELM327 was widely used for serial, USB, and Bluetooth OBD-II readers, and it was a lot more widely used after someone dumped the ROM from one and started selling their own PICs with the same software---cheaper.
Suddenly, online marketplaces were flooded with inexpensive USB and Bluetooth OBD-II readers, all described as ELM32. They were of course counterfeits. For the most part they seemed functional, but the counterfeits did often have issues with unreliable Bluetooth and power consumption behavior. More to the point, the counterfeits were stuck, versionwise. Later ELM327 versions took standard measures to avoid the ROM being read out. Counterfeits often reported fake version numbers to look more in line with the genuine item, but they only had the featureset of the original. Of course this made it annoyingly hard to tell what capabilities an ELM327 device actually had.
The story of the PL-2303 is similar. The Prolific PL-2303 was almost certainly the most popular USB-UART controller on the market. Nearly every USB serial adapter for years was based on the PL-2303, most offboard programming cables for embedded devices used it, and there were even devices that used a PL-2303 internally as a simple way to present a USB interface. The problem is that not that many of these PL-2303s were actually PL-2303s.
I don't think this is quite as clearly a case of cloning as the ELM327. It seems like what happened is that a lot of vendors independently implemented USB-UART chips that implemented the same interface as the PL-2303, based on reverse engineering. That might have made for some sort of defense were it not for the fact that a lot of these "PL-2303 compatibles" were being sold as outright counterfeits---with Prolific part numbers and trademarks.
Prolific responded to counterfeiting almost uniquely aggressively. To be clear, there is some debate about Prolific's motivations at the beginning of the serial adapter war. More skeptical commentators tend to accuse them of outright profiteering through a form of planned obsolescence. I don't necessarily think that Prolific was this clearly malicious, but they clearly had a certain disregard for the interests of their customers. Prolific's anti-counterfeit strategy evolved over a few years from guerrilla to scorched earth.
In the first wave, Prolific started modifying the device drivers they distributed to perform additional tests on PL-2303 chips before they would function. Sometime in the early '10s the first shells landed. "PL-2303" adapters that had worked fine suddenly became unreliable, and it was a crapshoot whether any given USB-serial adapter would function. As a user it was hard to understand why, and so a general view proliferated that USB serial adapters were extremely unreliable.
There was a bit of a weakness in Prolific's strategy, though: the "genuineness" checks were only present in newer versions of the driver. Counterfeit chips could be made to work just by rolling the driver back to a previous version. For several years, it was routine for USB-serial adapters to come with a mini CD containing a very old version of the Prolific driver, and a note explaining that use of the "special" driver was mandatory.
Around 2015, Prolific got more aggressive, introducing a new tactic they would return to again: the "new Windows support" scheme.
Prolific retired the PL-2303 variants they had been selling an introduced a new variant. There were some minor new features, but the main selling point on the new variant was "Windows 8 support"... a bit of a surprise since the original models had been working fine with Windows 8. But Prolific had an interesting idea of what "Windows 8 support" meant: they released a new driver version, distributed by Windows Update, that whitelisted PL-2303 variants based on Windows release. If the system was running Windows 8, the driver just checked if a PL-2303 was a variant that "supported" Windows 8. If it wasn't, the driver left it nonfunctional. Everyone upgrading to Windows 8 would also have to replace all of their PL-2303 devices with newer versions.
I'm not sure exactly what Prolific was thinking. The newer variants had some stronger anti-counterfeiting features, so I'm sure they were trying to motivate users to switch to the newer variants. That's not an easy task, since the function of USB UART chips has been basically the same for decades, so they had to force it.
I'm being charitable to Prolific by describing this scam first as an effort to deter counterfeiting. A lot of commentators figure that Prolific sales numbers were just lagging and they had to find some way to drive people to replace existing equipment. At the end of the day, Prolific probably had both motivations to a degree. It didn't really matter to the end users, the effect was the same. Prolific had invented a new type of suicide battery, just by distributing a new driver.
Of course, Prolific didn't have a way to fix the original workaround. You could still get older PL-2303s to work on Windows 8 by downgrading the driver version to one originally released for Vista or 7. A lot of people did. Forum guides went around on how to disable Windows Update driver selection for Prolific devices. Sellers switched from mini-CDs to slips of paper with a URL to download an old driver version. Things went on much as they had before.
And then Prolific did it again.
With the release of Windows 11, Prolific once again "ended support" for a long list of PL-2303 submodels. Windows Update, on Windows 11, now distributes a version of the Prolific driver that will outright refuse to work with nearly all PL-2303 variants. Everyone is expected to once again buy new USB UART chips.
But the same workaround still works... roll back the driver to an older version. The biggest thing that's changed is that Windows Update has gotten more aggressive in updating drivers. I have an older PL-2303 device, probably counterfeit, that I'm using right now. Every couple of days it stops working until I go into the device manager and uninstall the driver. Once the driver is uninstalled, it works again. Counterintuitive, but what I'm doing is really uninstalling the newer driver version placed by Windows Update so that an older driver version I had installed manually will be selected instead. Later in the day, Windows Update notices the device and puts the newer version back again.
This is a truly ridiculous state of affairs. There exists a wide range of devices, many not that old, that will only work on recent Windows releases with constant user intervention to get the correct driver to be selected. I think that, at this point, basically everyone with occasion to use these Prolific devices knows about this problem and the workaround. It's just sort of the accepted state of affairs in USB UART chips.
That's not entirely true, of course. Prolific does have one major competitor, FTDI. The FTDI chips are more expensive and thus less popular, but usually viewed as more reliable, pretty much entirely due to Prolific driver issues.
FTDI is not without their own complications, though. FTDI rather famously released a driver version that detected counterfeit FTDI chips and actually bricked them. I don't think this has ever been done on such a large scale, and it generated a lot of negative press back in 2014. Perhaps because of this nuclear attack on counterfeits, they seem a lot less common for FTDI branded parts.
There are a couple of interesting aspects of this story. First, I am surprised that Prolific doesn't worry about negative brand reputation impact. Online discussions of USB serial and UART chips often discourage the purchase of Prolific parts, although over the years most people have figured out what's happening and give a bit of backstory on Prolific's anti-counterfeiting efforts, rather than just saying the "drivers are unreliable." FTDI is often recommended as an alternative. Despite the price premium of FTDI, perhaps they are gaining market share off of this whole thing?
Second, Microsoft is distributing a driver update through their infrastructure that makes hardware less likely to work. You'd kind of think that Windows Update would have some policy against drivers that break hardware, but I also don't think Microsoft would have foreseen this situation. Still, it's been like this for almost a decade now... for USB UART chips, driver updates are often the enemy. I'm surprised that Microsoft hasn't taken some kind of action to reduce user impact, but Microsoft has its own anti-counterfeiting battles and probably takes a sympathetic view of Prolific's actions.
I'd like to say that this is a bit of history, but driver problems with USB UART chips are still common today. I have a radio programming cable I bought in the last four months with a counterfeit PL-2303 that won't work without a driver downgrade. Forum threads still give workaround instructions and recommend FTDI over Prolific. USB serial cables still come with a slip of paper with a URL for a PDF with a link to download an old version of the Prolific drivers. Life goes on.
Weird situation though, isn't it? Did anyone ever think out the militarization of driver updates? Did anyone anticipate that getting a successful serial connection would get even harder as time went on?