Exploring Cheap Tantalum Caps Of Mysterious Provenance

July 22, 2024 by Dan Maloney 25 Comments

We’ve all heard about the perils of counterfeit chips, and more than a few of us have probably been bitten by those scruple-free types who run random chips through a laser marker and foist them off as something they’re not. Honestly, we’ve never understood the business model here — it seems like the counterfeiters spend almost as much time and effort faking chips as they would just getting the real ones. But we digress.

Unfortunately, integrated circuits aren’t the only parts that can be profitably faked, as [Amateur Hardware Repair] shows us with this look at questionable tantalum capacitors. In the market for some tantalums for a repair project, the offerings at AliExpress proved too tempting to resist, despite being advertised alongside 1,000 gram gold bars for $121 each. Wisely, he also ordered samples from more reputable dealers like LCSC, DigiKey, and Mouser, although not at the same improbably low unit price.

It was pretty much clear where this would be going just from the shipping. While the parts houses all shipped their tantalums in Mylar bags with humidity indicators, with all but LCSC including a desiccant pack, the AliExpress package came carefully enrobed in — plastic cling wrap? The Ali tantalums were also physically different from the other parts: they were considerably smaller, the leads seemed a little chowdered up, and the package markings were quite messy and somewhat illegible. But the proof is in the testing, and while all the more expensive parts tested fine in terms of capacitance and equivalent series resistance, the caps of unknown provenance had ESRs in the 30 milliohm range, three to five times what the reputable caps measured.

None of this is to say that there aren’t some screaming deals on marketplaces like AliExpress, Amazon, and eBay, of course. It’s not even necessarily proof that these parts were in fact counterfeit, it could be that they were just surplus parts that hadn’t been stored under controlled conditions. But you get what you pay for, and as noted in the comments below the video, a lot of what you’re paying for at the parts houses is lot tracebility.

Continue reading “Exploring Cheap Tantalum Caps Of Mysterious Provenance” →

New DOS PCs, In 2023?

May 15, 2023 by Jenny List 85 Comments

It’s not likely that we’ll talk about a new PC here at Hackaday because where’s the news in yet another commodity computer? But today along comes not one but two new PCs courtesy of the ever bounteous hall of wonders at AliExpress, that are unusual enough to take a look at. If you have around $250 to spare, you can have a brand new, made in 2023, 80386sx plamtop PC capable of running Windows 95, or an 8088 laptop for DOS. Just what on earth is going on?

Continue reading “New DOS PCs, In 2023?” →

What Is A Schumann Resonance And Why Am I Being Offered A 7.83Hz Oscillator?

May 12, 2023 by Jenny List 108 Comments

Something that probably unites many Hackaday readers is an idle pursuit of browsing AliExpress for new pieces of tech. Perhaps it’s something akin to social media doomscrolling without the induced anger, and it’s certainly entertaining to see some of the weird and wonderful products that can be had for a few dollars and a couple of weeks wait. Every now and then something pops up that deserves a second look, and it’s one of those that has caught my attention today. Why am I being offered planar PCB coils with some electronics, described as “Schumann resonators”? What on earth is Schumann resonance, anyway? Continue reading “What Is A Schumann Resonance And Why Am I Being Offered A 7.83Hz Oscillator?” →

Testing An Inexpensive CNC Spindle

September 12, 2022 by Bryan Cockfield 22 Comments

The old saying “you get what you pay for” is a cautionary cliché, but is directly contrary to several other common sayings. In the case of [Spikee]’s planned CNC machine build, he took the more adventurous idiom of “no risk, no reward” to heart when he purchased these spindles for the machine from AliExpress. While the delivered product seemed fine, there were some problems that needed investigations.

Upon delivery of the spindle, everything seemed to work correctly out-of-the-box. Even the variable frequency drive, which was programmed at the factory, was working properly. But at around 8000 rpm the machine would begin shaking. The suspected part causing the vibration was the tool holder, so after checking the machine’s runout and also using a specialized vibration sensor this was confirmed to be the case.

Luckily [Spikee] was able to get a refund on the tool holders since they were out of spec, but still has a quite capable spindle on his hands for an excellent price. Without some skills in troubleshooting he might have returned the entire machine unnecessarily. If you are looking for some other ideas in setting up an inexpensive CNC machine, you might also like to look at BLDC motors from a remote control vehicle.

A Zhengbang Pick&Place machine, with a Virustotal 53/69 result and "53 security vendors and 1 sandbox flagged this file as mailcious" crudely overlaid on top of the image

Zhengbang Pick & Places Your Confidential Data In The Bag, Slowly

January 22, 2022 by Arya Voronova 30 Comments

Isn’t it convenient when your pick-and-place machine arrives with a fully-set-up computer inside of it? Plug in a keyboard, mouse and a monitor, and you have a production line ready to go. Turns out, you can have third parties partake in your convenience by sharing your private information with them – as long as you plug in an Ethernet cable! [Richard] from [RM Cybernetics] has purchased a ZhengBang ZB3245TSS machine, and in the process of setting it up, dutifully backed up its software onto a USB stick – as we all ought to.

This bit of extra care, often missed by fellow hackers, triggered an antivirus scanner alert, and subsequently netted some interesting results on VirusTotal – with 53/69 result for a particular file. That wasn’t conclusive enough – they’ve sent the suspicious file for an analysis, and the test came back positive. After static and dynamic analysis done by a third party, the malware was confirmed to collect metadata accessible to the machine and send it all to a third-party server. Having contacted ZhengBang about this mishap, they received a letter with assurances that the files were harmless, and a .zip attachment with replacement “clean” files which didn’t fail the antivirus checks.

It didn’t end here! After installing the “clean” files, they also ran a few anti-malware tools, and all seemed fine. Then, they plugged the flash drive into another computer again… to encounter even more alerts than before. The malware was equipped with a mechanism to grace every accessible .exe with a copy of itself on sight, infecting even .exe‘s of the anti-malware tools they put on that USB drive. The article implies that the malware could’ve been placed on the machines to collect your company’s proprietary design information – we haven’t found a whole lot of data to support that assertion, however; as much as it is a plausible intention, it could have been a case of an unrelated virus spread in the factory. Surprisingly, all of these discoveries don’t count as violations of Aliexpress Terms and Conditions – so if you’d like to distribute a bunch of IoT malware on, say, wireless routers you bought in bulk, now you know of a platform that will help you!

This goes in our bin of Pretty Bad News for makers and small companies. If you happen to have a ZhengBang pick-and-place machine with a built-in computer, we recommend that you familiarize yourself with the article and do an investigation. The article also goes into details on how to reinstall Windows while keeping all the drivers and software libraries working, but we highly recommend you worry about the impact of this machine’s infection spread mechanisms, first.

Supply chain attacks, eh? We’ve seen plenty of these lately, what’s with communities and software repositories being targeted every now and then. Malware embedded into devices from the factory isn’t a stranger to us, either – at least, this time we have way more information than we did when Supermicro was under fire.

Editor’s Note: As pointed out by our commenters, there’s currently not enough evidence to assert that Zhengbang’s intentions were malicious. The article has been edited to reflect the situation more accurately, and will be updated if more information becomes available.

Editor’s Note Again: A rep from Zhengbang showed up in the comments and claims that this was indeed a virus that they picked up and unintentionally passed on to the end clients.

A Xilinx Zynq Linux FPGA Board For Under $20? The Windfall Of Decommissioned Crypto Mining

December 10, 2020 by Jenny List 80 Comments

One of the exciting trends in hardware availability is the inexorable move of FPGA boards and modules towards affordability. What was once an eye-watering price is now merely an expensive one, and no doubt in years to come will become a commodity. There’s still an affordability gap at the bottom of the market though, so spotting sub-$20 Xilinx Zynq boards on AliExpress that combine a Linux-capable ARM core and an FPGA on the same silicon is definitely something of great interest. A hackerspace community friend of mine ordered one, and yesterday it arrived in the usual anonymous package from China.

There’s a Catch, But It’s Only A Small One

The heftier of the two boards, in all its glory.

There are two boards to be found for sale, one featuring the Zynq 7000 and the other the 7010, which the Xilinx product selector tells us both have the same ARM Cortex A9 cores and Artix-7 FPGA tech on board. The 7000 includes a single core with 23k logic cells, and there’s a dual-core with 28k on the 7010. It was the latter that my friend had ordered.

So there’s the good news, but there has to be a catch, right? True, but it’s not an insurmountable one. These aren’t new products, instead they’re the controller boards for an older generation of AntMiner cryptocurrency mining rigs. The components have 2017 date codes, so they’ve spent the last three years hooked up to a brace of ASIC or GPU boards in a mining data centre somewhere. The ever-changing pace of cryptocurrency tech means that they’re now redundant, and we’re the lucky beneficiaries via the surplus market.

Continue reading “A Xilinx Zynq Linux FPGA Board For Under $20? The Windfall Of Decommissioned Crypto Mining” →

MIT Mini Cheetah Made And Improved In China

October 19, 2019 by Gerrit Coetzee 21 Comments

We nearly passed over this tip from [xoxu] which was just a few links to some AliExpress pages. However, when we dug a bit into the pages we found something pretty surprising. Somewhere out there in the wild we…east of China there’s a company not only reverse engineering the Mini Cheetah, but improving it too.

We cover a lot of Mini Cheetah projects; it’s a small robot that can do a back-flip after all. When compared to the servo quadruped of not so many years ago it’s definitely exciting magic. Many of the projects go into detail about the control boards and motor modifications required to build a Mini Cheetah of your own. So we were especially interested to discover that this AliExpress seller has gone through the trouble of not just reverse engineering the design, but also improving on it. Claiming their motors are thinner and more dust resistant than what they’ve seen from MIT.

To be honest, we’re not sure what we’re looking at. It’s kind of cool that we live in a world where a video of a research project and some papers can turn into a $12k robot you can buy right now. Let us know what you think after the break.