It’s not likely that we’ll talk about a new PC here at Hackaday because where’s the news in yet another commodity computer? But today along comes not one but two new PCs courtesy of the ever bounteous hall of wonders at AliExpress, that are unusual enough to take a look at. If you have around $250 to spare, you can have a brand new, made in 2023, 80386sx plamtop PC capable of running Windows 95, or an 8088 laptop for DOS. Just what on earth is going on?
Something that probably unites many Hackaday readers is an idle pursuit of browsing AliExpress for new pieces of tech. Perhaps it’s something akin to social media doomscrolling without the induced anger, and it’s certainly entertaining to see some of the weird and wonderful products that can be had for a few dollars and a couple of weeks wait. Every now and then something pops up that deserves a second look, and it’s one of those that has caught my attention today. Why am I being offered planar PCB coils with some electronics, described as “Schumann resonators”? What on earth is Schumann resonance, anyway? Continue reading “What Is A Schumann Resonance And Why Am I Being Offered A 7.83Hz Oscillator?”
The old saying “you get what you pay for” is a cautionary cliché, but is directly contrary to several other common sayings. In the case of [Spikee]’s planned CNC machine build, he took the more adventurous idiom of “no risk, no reward” to heart when he purchased these spindles for the machine from AliExpress. While the delivered product seemed fine, there were some problems that needed investigations.
Upon delivery of the spindle, everything seemed to work correctly out-of-the-box. Even the variable frequency drive, which was programmed at the factory, was working properly. But at around 8000 rpm the machine would begin shaking. The suspected part causing the vibration was the tool holder, so after checking the machine’s runout and also using a specialized vibration sensor this was confirmed to be the case.
Luckily [Spikee] was able to get a refund on the tool holders since they were out of spec, but still has a quite capable spindle on his hands for an excellent price. Without some skills in troubleshooting he might have returned the entire machine unnecessarily. If you are looking for some other ideas in setting up an inexpensive CNC machine, you might also like to look at BLDC motors from a remote control vehicle.
Isn’t it convenient when your pick-and-place machine arrives with a fully-set-up computer inside of it? Plug in a keyboard, mouse and a monitor, and you have a production line ready to go. Turns out, you can have third parties partake in your convenience by sharing your private information with them – as long as you plug in an Ethernet cable! [Richard] from [RM Cybernetics] has purchased a ZhengBang ZB3245TSS machine, and in the process of setting it up, dutifully backed up its software onto a USB stick – as we all ought to.
This bit of extra care, often missed by fellow hackers, triggered an antivirus scanner alert, and subsequently netted some interesting results on VirusTotal – with 53/69 result for a particular file. That wasn’t conclusive enough – they’ve sent the suspicious file for an analysis, and the test came back positive. After static and dynamic analysis done by a third party, the malware was confirmed to collect metadata accessible to the machine and send it all to a third-party server. Having contacted ZhengBang about this mishap, they received a letter with assurances that the files were harmless, and a
.zip attachment with replacement “clean” files which didn’t fail the antivirus checks.
It didn’t end here! After installing the “clean” files, they also ran a few anti-malware tools, and all seemed fine. Then, they plugged the flash drive into another computer again… to encounter even more alerts than before. The malware was equipped with a mechanism to grace every accessible
.exe with a copy of itself on sight, infecting even
.exe‘s of the anti-malware tools they put on that USB drive. The article implies that the malware could’ve been placed on the machines to collect your company’s proprietary design information – we haven’t found a whole lot of data to support that assertion, however; as much as it is a plausible intention, it could have been a case of an unrelated virus spread in the factory. Surprisingly, all of these discoveries don’t count as violations of Aliexpress Terms and Conditions – so if you’d like to distribute a bunch of IoT malware on, say, wireless routers you bought in bulk, now you know of a platform that will help you!
This goes in our bin of Pretty Bad News for makers and small companies. If you happen to have a ZhengBang pick-and-place machine with a built-in computer, we recommend that you familiarize yourself with the article and do an investigation. The article also goes into details on how to reinstall Windows while keeping all the drivers and software libraries working, but we highly recommend you worry about the impact of this machine’s infection spread mechanisms, first.
Supply chain attacks, eh? We’ve seen plenty of these lately, what’s with communities and software repositories being targeted every now and then. Malware embedded into devices from the factory isn’t a stranger to us, either – at least, this time we have way more information than we did when Supermicro was under fire.
Editor’s Note: As pointed out by our commenters, there’s currently not enough evidence to assert that Zhengbang’s intentions were malicious. The article has been edited to reflect the situation more accurately, and will be updated if more information becomes available.
Editor’s Note Again: A rep from Zhengbang showed up in the comments and claims that this was indeed a virus that they picked up and unintentionally passed on to the end clients.
One of the exciting trends in hardware availability is the inexorable move of FPGA boards and modules towards affordability. What was once an eye-watering price is now merely an expensive one, and no doubt in years to come will become a commodity. There’s still an affordability gap at the bottom of the market though, so spotting sub-$20 Xilinx Zynq boards on AliExpress that combine a Linux-capable ARM core and an FPGA on the same silicon is definitely something of great interest. A hackerspace community friend of mine ordered one, and yesterday it arrived in the usual anonymous package from China.
There’s a Catch, But It’s Only A Small One
There are two boards to be found for sale, one featuring the Zynq 7000 and the other the 7010, which the Xilinx product selector tells us both have the same ARM Cortex A9 cores and Artix-7 FPGA tech on board. The 7000 includes a single core with 23k logic cells, and there’s a dual-core with 28k on the 7010. It was the latter that my friend had ordered.
So there’s the good news, but there has to be a catch, right? True, but it’s not an insurmountable one. These aren’t new products, instead they’re the controller boards for an older generation of AntMiner cryptocurrency mining rigs. The components have 2017 date codes, so they’ve spent the last three years hooked up to a brace of ASIC or GPU boards in a mining data centre somewhere. The ever-changing pace of cryptocurrency tech means that they’re now redundant, and we’re the lucky beneficiaries via the surplus market.
We nearly passed over this tip from [xoxu] which was just a few links to some AliExpress pages. However, when we dug a bit into the pages we found something pretty surprising. Somewhere out there in the wild we…east of China there’s a company not only reverse engineering the Mini Cheetah, but improving it too.
We cover a lot of Mini Cheetah projects; it’s a small robot that can do a back-flip after all. When compared to the servo quadruped of not so many years ago it’s definitely exciting magic. Many of the projects go into detail about the control boards and motor modifications required to build a Mini Cheetah of your own. So we were especially interested to discover that this AliExpress seller has gone through the trouble of not just reverse engineering the design, but also improving on it. Claiming their motors are thinner and more dust resistant than what they’ve seen from MIT.
To be honest, we’re not sure what we’re looking at. It’s kind of cool that we live in a world where a video of a research project and some papers can turn into a $12k robot you can buy right now. Let us know what you think after the break.
[Charles Ouweland] purchased some parts off Aliexpress and noticed that the Texas Instruments logo on some of his parts wasn’t the Texas Instruments logo at all, it was just some kind of abstract shape that vaguely resembled the logo. Suspicious and a little curious, he decided to take a closer look at the MCP1702 3.3v LDO regulators he ordered as well. Testing revealed that they were counterfeits with poor performance.
Looking at the packages, there were some superficial differences in the markings of the counterfeit MCP1702 versus genuine parts from Microchip, but nothing obviously out of place. To conclusively test the devices, [Charles] referred to Microchip’s datasheet. It stated that the dropout voltage of the part should be measured by having the regulator supply the maximum rated 250 mA in short pulses to avoid any complications from the part heating up. After setting up an appropriate test circuit with a 555 timer to generate the pulses for low duty cycle activation, [Charles] discovered that the counterfeit parts did not meet Microchip specifications. While the suspect unit did output 3.3 V, the output oscillated badly after activation and the dropout voltage was 1.2 V, considerably higher than the typical dropout voltage of 525 mV for the part, and higher even than the maximum of 725 mV. His conclusion? The parts would be usable in the right conditions, but they were clearly fakes.
The usual recourse when one has received counterfeit parts is to dump them into the parts bin (or the trash) and perhaps strive to be less unlucky in the future, but [Charles] decided to submit a refund request and to his mild surprise, Aliexpress swiftly approved a refund for the substandard parts.
While a refund is appropriate, [Charles] seems to interpret the swift refund as a sort of admission of guilt on the part of the reseller. Is getting a refund for counterfeit parts a best-case outcome, evidence of wrongdoing, or simply an indication that low value refund requests get more easily approved? You be the judge of that, but if nothing else, [Charles] reminds us that fake parts may be useful for something perhaps unexpected: a refund.