An Oven Controlled Crystal Oscillator Replacement

The HP 5328 Universal Counter is all the counter you’ll ever need. It’s rugged, does its job well, and like all old HP gear, keeps on going. When it breaks, though, that’s a problem.

[Tom] had an 5328 Universal Counter with a broken Oven Controlled Crystal Oscillator. This is the HP 10544 OCXO and replacements are pretty spendy. Instead of buying a vintage unit, [Tom] decided to make a replacement.

The OXCO in the HP 5328 is just an option. If the frequency counter has this option installed, a 30-pin edge connector in the counter is stuffed with a little PCB. Like all HP gear, the schematics are readily available, and the original OXCO can be quickly reverse engineered.

The design of the replacement is fairly straightforward. A 10MHz OXCO from Oscilloquartz is used, powered from the 28V rail in the 5328 with a simple switching regulator. Apart from that, it’s just an inverter to get the logic levels correct, and a small, multi-turn pot to calibrate the new OXCO. The completed unit is much smaller than the original OXCO option, so it can be plugged directly into the 30-pin card edge slot, leaving the gigantic standoff inside the frequency counter as a reminder of days gone by.

Hacking a Thin Client to Gain Root Access

[Roberto] recently discovered a clever way to gain root access to an HP t520 thin client computer. These computers run HP’s ThinPro operating system. The OS is based on Linux and is basically just a lightweight system designed to boot into a virtual desktop image loaded from a server. [Roberto’s] discovery works on systems that are running in “kiosk mode”.

The setup for the attack is incredibly simple. The attacker first stops the virtual desktop image from loading. Then, the connection settings are edited. The host field is filled with garbage, which will prevent the connection from actually working properly. The real trick is in the “command line arguments” field. The attacker simply needs to add the argument “&& xterm”. When the connection is launched, it will first fail and then launch the xterm program. This gives the attacker a command shell running under the context of whichever user the original software is running as.

The next step is to escalate privileges to root. [Roberto] discovered a special command that the default user can run as root using sudo. The “”hpobl” command launches the HP Easy Setup Wizard. Once the wizard is opened, the attacker clicks on the “Thank You” link, which will then load up the HP website in a version of Firefox. The final step is to edit Firefox’s default email program association to xterm. Now when the attacker visits an address like “”, Firefox (running as root) launches xterm with full root privileges. These types of attacks are nothing new, but it’s interesting to see that they still persist even in newer software.

Circuit Plotting With An HP Plotter

Over the last few years we’ve seen a few commercial products that aim to put an entire PCB fab line on a desktop. As audacious as that sounds, there were a few booths showing off just that at CES last week, with one getting a $50k check from some blog. [Connor] and [Feiran] decided to do the hacker version of a PCB printer: an old HP plotter converted to modern hardware with a web interface with a conductive ink pen.

The plotter in question is a 1983 HP HIPLOT DMP-29 that was, like all old HP gear, a masterpiece of science and engineering. These electronics were discarded (preserved may be a better word) and replaced with modern hardware. The old servo motors ran at about 1.5A each, and a standard H-Bridge chip and beefy lab power supply these motors were the only part of the original plotter that were reused. For accurate positioning, a few 10-turn pots were duct taped to the motor shafts and fed into the ATMega1284p used for controlling the whole thing.

One of the more interesting aspects of the build is the web interface. This is a small JavaScript app that is capable of drawing lines on the X and Y axes and sends the resulting coordinates from a server to the printer. It’s very cool, but not as cool as the [Connor] and [Feiran]’s end goal: using existing Gerber files to draw some traces. They’re successfully parsing Gerber files, throwing out all the superfluous commands (drills, etc), and plotting them in conductive ink.

The final iteration of hardware wasn’t exactly what [Connor] and [Feiran] had in mind, but that’s mostly an issue with the terrible conductivity of the conductive ink. They’ve tried to fix this by running the pen over each line five times, but that introduces some backlash. This is the final project for an electrical engineering class, so we’re going to say that’s alright.

Video below.

Continue reading “Circuit Plotting With An HP Plotter”

Antique Case for Custom File Server

Michigan Tech was throwing out a bunch of old electronic equipment, and [Evan] snagged quite a gem: a UHF signal generator built by Hewlett Packard circa 1955. He stripped all of the remaining electronics out of the case, but kept the slide-out trays and the front instrument panel to create this antique-looking file server.

The bottom tray was where the bulk of the electronics were housed, and since widespread adaptation of transistors for electronics wasn’t common at the time (the first silicon transistor wasn’t made until 1954), the original equipment was all vacuum tubes. This meant that there was just enough space for a motherboard, heat sink, and a couple of power supplies.

The hard drives are held in custom housings in the top portion of the case. The real magic, however, is with the front display panel. [Evan] was able to use the original meters, including a display for “megacycles” which is still technically accurate. The meters are driven by a USB-to-serial cable and a python script that runs on the server.

The antique case is a great touch for this robust file server. Make sure to put it in a prominent place, like next to your antique tube radio.

XOXO for the OCXO


[Kerry Wong] recently got himself a frequency counter. Not just any counter, a classic Hewlett-Packard 5350B Microwave Counter. This baby will go 10Hz all the way up to 20GHz with only one input shift. A true fan of Hackaday Prize judge [Dave Jones], [Kerry] didn’t turn it on, he took it apart. In the process, he gave us some great pictures of late 80’s vintage HP iron.

Everything seemed to be in relatively good working order, with the exception of the oven indicator, which never turned off. The 5350B had three time bases available: a Thermally Compensated Crystal Oscillator (TCXO),  an Oven Controlled Crystal Oscillator (OCXO), and a high stability OCXO. [Kerry’s] 5350B had option 001, the OCXO. Considering it was only a $750 USD upgrade to the 5350B’s $5500 USD base price, it’s not surprising that many 5350B’s in the wild have this option.

[Kerry] checked the wattage of his 5350B, and determined that it pulled about 27 watts at power up and stayed there. If the OCXO was working, wattage would have dropped after about 10 minutes when the oven came up to temperature. Time to tear open an oven!

Armed with a copy of the 5350B service manual from HP’s website, [Kerry] opened up his OCXO. The Darlington transistors used as heaters were fine. The control circuit was fine. The problem turned out to be a simple thermal fuse. The service manual recommended jumping out the fuse for testing. With the fuse jumped, the oven came to life. One more piece of classic (and still very useful) test equipment brought back to full operation.

[via Dangerous Prototypes]

Rebuilding a Custom IC Saves HP Pulse Generator


Rebuilding an HP Custom IC[Matthew] got himself into a real pickle.  It all started when he was troubleshooting a broken Hewlett Packard 8007A pulse generator. While trying to desolder one of the integrated circuits, [Matthew] accidentally cracked it. Unfortunately, the chip was a custom HP Pulse shaper IC – not an easy part to source by any means. That broken chip began a 5 year mission: to explore strange new repair methods. To seek out new life for that HP 8007A. To boldy fix what no one had fixed before.

[Matthew’s] first repair attempt was to build a drop in replacement for the HP chip. He took a look at the block diagram, and realized the chip was just some simple logic gates. He built his version with a small PCB and Fairchild TinyLogic gates. Unfortunately, the TinyLogic series is fast CMOS, while HP’s original chip used Emitter-coupled Logic (ECL). Thanks to the wildly different voltage levels of the two logic families, this design had no chance of working.

Five years later, [Matthew] was going to school at MIT, and had access to a wire bonding machine. He rebuilt the package using some epoxy, and managed to re-run the various bond wires. While everything looked promising, this attempt was also a failure. After all that work, the chip was blown.

Continue reading “Rebuilding a Custom IC Saves HP Pulse Generator”

Hackaday Links: November 10, 2013


[Henryk Gasperowicz], the wizard of electrons who makes LEDs glow for no apparent reason, has put up another one of his troll physics circuits. We have no idea how he does it (he does say he’s using wireless energy transmission) so a few solution videos would be cool, [Henryk].

Altoids tins make great electronic enclosures, but how about designing your PCBs to fit mint and gum containers? Here’s a Trident USBASP, a tiny Tic Tac ISP thingy, and a Mentos USB to JTAG interface.

By the end of this week, the PS4 will be out, along with the new PS4 camera. It’s a great camera – 1280×800 at 60Hz – but unless someone develops a driver for it, it shall forever remain tethered to a PS4. Luckily, there’s a project to develop a PS4 camera driver, so if you have some USB 3.0 experience, give it a shot.

Multimeter teardowns? [David]’s got multimeter teardowns. It’s an HP 3455A, a huge bench top unit from the 80s. This is, or was, pro equipment and strange esoteric components definitely make a showing. ±0.01% resistors? Yep. Part two has some pics of the guts and a whole ton of logic.

The US Air Force Academy just moved their embedded systems course over to the MSP430. Course director [Capt Todd Branchflower] just put all the course materials online, with the notes, datasheets, and labs available on Github.