Remote Code Execution On An Oscilloscope

July 17, 2023 by Bryan Cockfield 10 Comments

There are a huge number of products available in the modern world that come with network connectivity now, when perhaps they might be better off with out it. Kitchen appliances like refrigerators are the classic example, but things like lightbulbs, toys, thermostats, and door locks can all be found with some sort of Internet connectivity. Perhaps for the worse, too, if the security of these devices isn’t taken seriously, as they can all be vectors for attacks. Even things like this Rigol oscilloscope and its companion web app can be targets.

The vulnerability for this oscilloscope starts with an analysis of the firmware, which includes the web control application. To prevent potentially bricking a real oscilloscope, this firmware was emulated using QEMU. The vulnerability exists in the part of the code which involves changing the password, where an attacker can bypass authentication by injecting commands into the password fields. In the end, the only thing that needs to be done to gain arbitrary code execution on the oscilloscope is to issue a curl command directed at the oscilloscope.

In the end, [Maunel] suggests not connecting this oscilloscope to the Internet at all. He has informed the producer about it but as of this writing there has not been a resolution. It does, however, demonstrate the vulnerabilities that can be present in network-connected devices where the developers of the software haven’t gone to the lengths required to properly secure them for use with the modern Internet. Even things not connected to a traditional Internet connection can be targets for attacks.

Own More Than One ‘Scope? You’ve Got Nothing On This Guy!

May 24, 2023 by Jenny List 18 Comments

We’re guessing that quite a few of our readers have a surprising amount of redundant test gear, and we ourselves have to admit that more than one instrument adorns our benches. But we are mere dilettantes, amateurs if you will, compared to [Volke Kloke]. He’s got 350 of them in his average American home, and we have to say, among them are some beauties.

The linked newspaper article is sometimes frustratingly light on the details, but fortunately he has a website all of his own where we can all get immersed in the details. Of particular interest is an instrument which doesn’t even have a CRT, the General Radio 338 string oscillograph used a mirror drum to catch a standing wave in a tungsten wire, but there are plenty more. Is your first ‘scope among them?

As we now live in the age of cheap digital ‘scopes, at any surplus sale you’ll see plenty of CRT-based instruments going for relative pennies. Of those, the more recent and high-end ones are still extremely useful instruments, and it’s not just misty-eyed reminiscing to say that they remain a worthy addition to any bench.

Want to know about early ‘scope tech? We’ve taken a look before.

Tools Of The Trade: Dirt Cheap Or Too Dirty?

May 13, 2023 by Elliot Williams 69 Comments

We’ve recently seen a couple reviews of a particularly cheap oscilloscope that, among other things, doesn’t meet its advertised specs. Actually, it’s not even close. It claims to be a 100 MHz scope, and it’s got around 30 MHz of bandwidth instead. If you bought it for higher frequency work, you’d have every right to be angry. But it’s also cheap enough that, if you were on a very tight budget, and you knew its limitations beforehand, you might be tempted to buy it anyway. Or so goes one rationale.

In principle, I’m of the “buy cheap, buy twice” mindset. Some tools, especially ones that you’re liable to use a lot, make it worth your while to save up for the good stuff. (And for myself, I would absolutely put an oscilloscope in that category.) The chances that you’ll outgrow or outlive the cheaper tool and end up buying the better one eventually makes the money spent on the cheaper tool simply wasted.

But that’s not always the case either, and that’s where you have to know yourself. If you’re only going to use it a couple times, and it’s not super critical, maybe it’s fine to get the cheap stuff. Or if you know you’re going to break it in the process of learning anyway, maybe it’s a shame to put the gold-plated version into your noob hands. Or maybe you simply don’t know if an oscilloscope is for you. It’s possible!

And you can mix and match. I just recently bought tools for changing our car’s tires. It included a dirt-cheap pneumatic jack and an expensive torque wrench. My logic? The jack is relatively easy to make functional, and the specs are so wildly in excess of what I need that even if it’s all lies, it’ll probably suffice. The torque wrench, on the other hand, is a bit of a precision instrument, and it’s pretty important that the bolts are socked up tight enough. I don’t want the wheels rolling off as I drive down the road.

Point is, I can see both sides of the argument. And in the specific case of the ’scope, the cheapo one can also be battery powered, which gives it a bit of a niche functionality when probing live-ground circuits. Still, if you’re marginally ’scope-curious, I’d say save up your pennies for something at least mid-market. (Rigol? Used Agilent or Tek?)

But isn’t it cool that we have so many choices? Where do you buy cheap? Where won’t you?

FNIRSI Vs Rigol: An Alternate View

May 11, 2023 by Al Williams 30 Comments

We’ve heard of the FNIRSI 1014D scope, but we’ve had the impression that it might not be a great scope, although it is economical. [Learn Electronics Repair] had heard from another YouTuber that it was “a piece of junk.” However, he wanted to look at it compared to another inexpensive scope, the Rigol DS1052E. His results were different from what we usually hear. To be clear, he didn’t think it was a perfect scope, but he did find it very usable for his purpose.

The 46-minute-long video does more than just a casual look. He uses both scopes in some real-world measurements. If you are in the market for a scope in this price range, it is worth the time to watch.

Continue reading “FNIRSI Vs Rigol: An Alternate View” →

OScope Advert From 1987 Rocks It

May 11, 2023 by Al Williams 31 Comments

We can’t remember ever seeing a late-night TV ad for oscilloscopes before but, for some reason, Tektronix did produce a video ad in 1987. You can see it below and enjoy the glorious music and video production standards of the 1980s.

We assume this was made to show at some trade show or the like. Even if there was a Home Shopping Network in 1987, we doubt many of these would have been sold despite the assertion they were “low cost” — clearly a relative term in this case.

You’ve got to wonder if the narrator understood what he was saying or if he was just reading from a script. Pretty impressive either way. We loved these old scopes, although we also like having very capable scopes that don’t strain our backs to lift.

On the bright side, these scopes today are pretty affordable on the used market if you can find one that doesn’t need a repair with an exotic part. For example, we found several 2221s or 2221As for under $200 without looking hard. The shipping, of course, could potentially almost double the price.

While you can get a modern scope for $200, it probably isn’t the same quality as a Tektronix. Then again, the new scope won’t have CRTs and exotic Tektronix parts to wear out, either. Picking a scope is a pretty personal affair, though, so one person’s great scope might be another person’s piece of junk.

Continue reading “OScope Advert From 1987 Rocks It” →

Hackaday Links: April 23, 2023

April 23, 2023 by Dan Maloney 7 Comments

Mark it on your calendars, folks — this is the week that the term RUD has entered the public lexicon. Sure, most of our community already knows the acronym for “rapid unscheduled disassembly,” and realizes its tongue-in-cheek nature. But given that the term has been used by Elon Musk and others to describe the ignominious end of the recent Starship test flight, it seems like RUD will catch on in the popular press. But while everyone’s attention was focused on the spectacular results of manually activating Starship’s flight termination system to end its by-then uncontrolled flight at a mere 39 km, perhaps the more interesting results of the launch were being seen in and around the launch pad on Boca Chica. That’s where a couple of hundred tons of pulverized reinforced concrete rained down, turned to slag and dust by the 33 Raptor engines on the booster. A hapless Dodge Caravan seemed to catch the worst of the collateral damage, but the real wrath of those engines was focused on the Orbital Launch Mount, which now has a huge crater under it.

Continue reading “Hackaday Links: April 23, 2023” →

Retro Gadgets: The 1983 Pocket Oscilloscope

April 14, 2023 by Al Williams 30 Comments

In the 1980s, an oscilloscope was typically a bulky affair with a large CRT, and a heavy power supply. So it probably grabbed a lot of attention in 1983 when Calvert Instruments Incorporated ran an ad in magazines like Radio Electronics. The ad touted a 5 MHz scope that was pocket-sized and weighed 4 ounces. The ad proudly proclaimed: CRT oscilloscopes just became obsolete!

Indeed they would, but if you are wondering who Calvert Instruments was, so are we. We have never heard of them before or since, and we don’t know for certain if any of these devices were ever actually produced. What did it use instead of a CRT? The CI Model 210 Pocket-O-Scope was not only solid state but used an LED screen 1.5 inches square. That’s small, but it packed in 210 LEDs for “high resolution.” We assume that was also the genesis of the model number. Judging from the product picture, there were 14 LEDs in the X direction and 15 in the Y direction. High resolution, for sure!

There were some early LCD scopes (like the Iskrascope and one from Scopex) around the same time, but it would be the 1990s before we would see LCD oscilloscopes and even longer before CRTs were totally squeezed out.

Continue reading “Retro Gadgets: The 1983 Pocket Oscilloscope” →