
Zhengbang Pick & Places Your Confidential Data In The Bag, Slowly

Isn’t it convenient when your pick-and-place machine arrives with a fully-set-up computer inside of it? Plug in a keyboard, mouse and a monitor, and you have a production line ready to go. Turns out, you can have third parties partake in your convenience by sharing your private information with them – as long as you plug in an Ethernet cable! [Richard] from [RM Cybernetics] has purchased a ZhengBang ZB3245TSS machine, and in the process of setting it up, dutifully backed up its software onto a USB stick – as we all ought to.

This bit of extra care, often missed by fellow hackers, triggered an antivirus scanner alert, and subsequently netted some interesting results on VirusTotal – with a 53/69 result for a particular file. That wasn’t conclusive enough – they sent the suspicious file for analysis, and the test came back positive. After static and dynamic analysis done by a third party, the malware was confirmed to collect metadata accessible to the machine and send it all to a third-party server. Having contacted ZhengBang about this mishap, they received a letter with assurances that the files were harmless, and a .zip attachment with replacement “clean” files which didn’t fail the antivirus checks.

It didn’t end here! After installing the “clean” files, they also ran a few anti-malware tools, and all seemed fine. Then, they plugged the flash drive into another computer again… to encounter even more alerts than before. The malware was equipped with a mechanism to grace every accessible .exe with a copy of itself on sight, infecting even the .exe files of the anti-malware tools they put on that USB drive. The article implies that the malware could’ve been placed on the machines to collect your company’s proprietary design information – we haven’t found a whole lot of data to support that assertion, however; as much as it is a plausible intention, it could have been a case of an unrelated virus spread in the factory. Surprisingly, all of these discoveries don’t count as violations of Aliexpress Terms and Conditions – so if you’d like to distribute a bunch of IoT malware on, say, wireless routers you bought in bulk, now you know of a platform that will help you!

This goes in our bin of Pretty Bad News for makers and small companies. If you happen to have a ZhengBang pick-and-place machine with a built-in computer, we recommend that you familiarize yourself with the article and do an investigation. The article also goes into details on how to reinstall Windows while keeping all the drivers and software libraries working, but we highly recommend you worry about the impact of this machine’s infection spread mechanisms, first.
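For that investigation, one way to see whether a machine is rewriting the executables on a USB stick is to hash every .exe on a known-clean computer, expose the stick, and compare. The following is an added example, not code from the linked article or from Hackaday; the function names and the dummy files in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root, suffixes=(".exe",)):
    """Return {relative path: (size, sha256)} for executables under root."""
    root = Path(root)
    entries = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            data = path.read_bytes()
            entries[path.relative_to(root).as_posix()] = (
                len(data), hashlib.sha256(data).hexdigest())
    return entries

def compare(before, after):
    """Diff two snapshots; a changed .exe on a backup drive is a red flag."""
    report = {"modified": [], "added": [], "removed": []}
    for name, (size, digest) in after.items():
        if name not in before:
            report["added"].append(name)
        elif before[name][1] != digest:
            # The size delta helps triage: extra bytes added to a file
            # show up as growth.
            report["modified"].append((name, size - before[name][0]))
    report["removed"] = sorted(set(before) - set(after))
    return report

def demo():
    """Constructed sample: dummy files stand in for a USB stick's contents."""
    with tempfile.TemporaryDirectory() as tmp:
        drive = Path(tmp)
        (drive / "tools").mkdir()
        (drive / "tools" / "scanner.exe").write_bytes(b"MZ" + b"\x00" * 62)
        (drive / "setup.EXE").write_bytes(b"MZ" + b"\x01" * 30)
        (drive / "notes.txt").write_bytes(b"not executable")
        baseline = snapshot(drive)  # taken on a trusted machine
        # Simulate the stick coming back from the suspect machine changed.
        with open(drive / "tools" / "scanner.exe", "ab") as fh:
            fh.write(b"\xcc" * 100)
        (drive / "new.exe").write_bytes(b"MZ")
        (drive / "notes.txt").write_bytes(b"edited text is ignored")
        return compare(baseline, snapshot(drive))

if __name__ == "__main__":
    print(demo())
```

In real use, keep the baseline snapshot somewhere the suspect machine cannot write to, and take the second snapshot on the trusted computer rather than on the pick-and-place PC itself.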

Supply chain attacks, eh? We’ve seen plenty of these lately, what with communities and software repositories being targeted every now and then. Malware embedded into devices from the factory isn’t a stranger to us, either – at least, this time we have way more information than we did when Supermicro was under fire.

Editor’s Note: As pointed out by our commenters, there’s currently not enough evidence to assert that Zhengbang’s intentions were malicious. The article has been edited to reflect the situation more accurately, and will be updated if more information becomes available.

Editor’s Note Again: A rep from Zhengbang showed up in the comments and claims that this was indeed a virus that they picked up and unintentionally passed on to the end clients.

Underwater Drone Films, Is In Film

Having a drone that can follow you running or biking with a camera isn’t big news these days. But French firm Notilo Plus has an underwater drone that can follow and video an underwater diver. The Seasam has been around since 2019, but recently made an appearance in a French film, The Deep House about a couple exploring an underwater haunted house, as reported by New Atlas. You can see a video about the drone — and a trailer for the movie — in the videos below.

To follow a diver, the robot uses an acoustic signal from the user’s control unit to find the approximate location of the user. This works even in dark conditions. Once close enough, computer vision zeros in on the diver while a sonar system allows safe navigation.


Running Methanol RC Engines On Gasoline

Methanol is a popular fuel for small engines used in radio-controlled models, but comes at a higher price than gasoline. It’s also harder to source and can be a mite corrosive, too. Gasoline comes with some benefits, but running it in a methanol engine usually requires some mods. [David] and [Bert] worked together to build a mixture controller for just this purpose.

The controller uses a solenoid to control the flow of gasoline to a conventional methanol-tuned carburetor for a small RC engine, allowing it to be accurately tuned to run gasoline well across the whole RPM range. Having gone through many revisions, all documented in a big forum thread, the latest version uses a Seeduino Xiao controller and a BMP280 pressure and temperature sensor for determining the right fuel/air mixture for the conditions. A small OLED screen can optionally be fitted to help with configuration of the mixture controller.

The system has worked well in testing, with [David] and [Bert] reporting that they have “converted engines as small as 0.3 CID up to large radials with this system.” It’s a promising tool that could be handy to have in the RC modeller’s arsenal.

These tiny engines have other applications too; they can make for one crazy power drill, that’s for sure!

Hackers, Fingerprints, Laptops, And Stickers

A discussion ensued about our crazy hacker ways the other night. I jokingly suggested that with as many stickers as we each had on our trusty companion machines, they might literally be as unique as a fingerprint. Cut straight to nerds talking too much math.

First off, you could wonder about the chances of two random hackers having the same sticker on their laptop. Say, for argument’s sake, that globally there are 2,000 stickers per year that are cool enough to put on a laptop. (None of us will see them all.) If a laptop lasts five years, that’s a pool of 10,000 stickers to draw from. If you’ve only got one sticker per laptop, that’s pretty slim odds, even when the laptops are of the same vintage.

Real hackers have 20-50 stickers per laptop — at least in our sample of “real hackers”. Here, the Birthday Paradox kicks in and helps us out. Each additional sticker provides another shot at matching, and an extra shot at being matched. So while you and I are unlikely to have the same birthday, in a room full of 42 people, it’s 90% likely that someone will have their birthday matched. With eight of us in the room, that’s 240 stickers that could match each other. (9999 / 10000) ^ (240 * 210 / 2) = about an eight percent chance of no match, so a better than 90% chance that we’d have at least one matching sticker.

But that doesn’t answer the original question: are our be-stickered laptops unique, like fingerprints or snowflakes? There, you have to match each and every sticker on the laptop — a virtually impossible task, and while there were eight of us in the room, that’s just not enough to get any real juice from the Birthday Paradox. (1/10,000) ^ 30 = something with -120 in the exponent. More than all the atoms in the universe, much less hackers in a room, whether you take things to the eighth power or not.

I hear you mumbling “network effects”. We’ve all gone to the same conferences, and we have similar taste in stickers, and maybe we even trade with each other. Think six degrees of separation type stuff. Indeed, this was true in our room. A few of us had the same stickers because we gave them to each other. We had a lot more matches than you’d expect, even though we were all unique.

So while the math for these network effects is over my head, I think it says something deeper about our trusty boxen, their stickers, and their hackers. Each sticker also comes with a memory, and our collected memories make us unique like our laptops. But matching stickers are also more than pure Birthday Paradoxes, they represent the shared history of friends.

Wear your laptop stickers with pride!


Online Tool Turns STLs Into 3D ASCII Art

If you look hard enough, most of the projects we feature on these pages have some practical value. They may seem frivolous, but there’s usually something that compelled the hacker to commit time and effort to its doing. That doesn’t mean we don’t get our share of just-for-funsies projects, of course, which certainly describes this online 3D ASCII art generator.

But wait — maybe that’s not quite right. After all, [Andrew Sink] put a lot of time into the code for this, and for its predecessor, his automatic 3D low-poly generator. That project led to the current work, which like before takes an STL model as input, this time turning it into an ASCII art render. The character set used for shading the model is customizable; with the default set, the shading is surprisingly good, though. You can also swap to a black-on-white theme if you like, navigate around the model with the mouse, and even export the ASCII art as either a PNG or as a raw text file, no doubt suitable to send to your tractor-feed printer.

[Andrew]’s code, which is all up on GitHub, makes liberal use of the three.js library, so maybe stretching his 3D JavaScript skills is really the hidden practical aspect of this one. Not that it needs one — we think it’s cool just for the gee-whiz factor.



Detecting Alpha Particles Using Copper Wire And High Voltage

If you want to measure radioactivity, nothing really beats a Geiger counter: compact, rugged, and reasonably easy to use, they’re by far the most commonly used tool to detect ionizing radiation. However, several other methods have been used in the past, and while they may not be very practical today, recreating them can make for an interesting experiment.

[Mirko Pavleski] used easily obtainable components to build one such device known as an alpha radiation spark detector. Invented in 1945, a spark detector contains a strong electric field into which discharges are triggered by ionizing radiation. Unlike a Geiger-Müller tube, it uses regular air, which makes it sensitive only to alpha radiation; beta and gamma rays don’t cause enough ionization at ambient pressure. Fortunately, alpha radiation is the main type emitted by the americium tablets found in old smoke detectors, so a usable source shouldn’t be too hard to find.

The construction of this device is very simple: a few thin copper wires are suspended above a round metal can, while a cheap high-voltage source provides a strong electric field between them. Sparks fly from the wires to the can when an alpha source is brought nearby; a series resistor limits the current to ensure the wires don’t overheat and melt.

Although not really practical as a measurement device, the spark detector can nevertheless be used to perform simple experiments with radioactivity. As an example, [Mirko] demonstrates in the video embedded below that alpha particles are stopped by a piece of paper and therefore present no immediate danger to humans. The high voltage present in the device does however, so care must be taken with the detector more than with the radiation source.

We’ve seen several homebrew Geiger counters, some built with plenty of duct tape or with the good old 555 timer. But you can also use photodiodes or even certain types of plastic to visualize ionizing radiation.


Sending Pics To Grandma, No Smartphone Needed

When it comes to keeping in touch with the grandparents, a lack of familiarity with modern technology can get in the way. [palmerabollo] wanted to share photos with his grandmother, but found that it was difficult as she didn’t have a smartphone or an Internet connection to receive photos. Thus, a custom build for grandma was in order! (translated)

To minimise maintenance requirements, the build relies on a thermal receipt printer. Each roll of thermal paper is good for printing off about 150 images before needing a change, so it’s a low-cost, fuss-free solution with no need for ink changeovers.

A Raspberry Pi Zero 2W runs the show, paired with a HAT that provides cellular internet connectivity. Photos are sent over Telegram with some custom Python code that [palmerabollo] put together. The system uses the Python “thermalprinter” library, with the Floyd-Steinberg dithering algorithm baked in, allowing nice quality even on the simple thermal printer.

It’s a fun build, and lets [palmerabollo] send his grandmother fun photos and messages without requiring any effort on her part. It’s super cute to see the photos stuck up on the refrigerator, too.

There’s plenty of fun to be had with thermal printers, so don’t be afraid to get stuck in yourself! Video after the break.