Cybergibbons 🚲🚲🚲
Feb 24, 2024 (24 tweets, 9 min read)
I've obtained one of these "EMP generators" that are intended to cause glitches in gaming machines, either for free gaming or to dump coins.

It's pretty odd.
Most prominent is the 3-pin device on top.

It's an NPN transistor for RF.

It's socketed and comes with a spare....
Superficially... when you press the button, it generates a field that can light up a fluorescent tube...
The instructions are... well... interesting.
Peeling the shrink wrap off, we can see how homebrew this is.

There's some kind of transformer on the top, with a large coil with a smaller one. Almost Tesla coil like.
There is a button to trigger it, two DIP switches (which I think you should only turn one on) and a trimmer pot. I can't tell what the trimmer pot does.

Really oddly, it has three (3!!!) charging ports. I think you need to charge each one in turn. So three batteries and no charge controller?

Oddly the PSU is 12.5V... so it could really have nothing controlling charge.
Each one is hovering at about 12V - so possibly 36V in series? Not sure.
One DIP switch is continuous, the other is pulse.

A little bit of smoke came out just now. The transistor does get very hot very fast.
It's so hot glued together that taking it apart further is going to be risky...
Holy fuck nugget, that is really janky.
So yeah, it's 3*3 Li-Ion packs with each jack across 3 of them. Dodgy.
The little board has a 555. Contacts are labelled VCC, GND, OUT-

So with the main transistor out, the little 555 board is simply pulling the output low at around 12kHz. Duty cycle is about 60%.

Trimmer changes this frequency from about 8Hz to 25Hz.

So the top part must just be self-resonant, and this turns it on and off.
So with the dip switches set to "constant" (i.e. 36V applied to the resonant board), you end up with an approximately 58MHz signal on the base of the transistor.
And a crazy 230V on the collector!
I've tried to quickly reverse it... but what?

Surely I have made a mistake here?

The bigger coil is on the left of the transformer, the thinner many windings on the right.

Does this make any sense to anyone?
@synx508 has found someone who has looked at these before.

Schematics are almost identical. Very surprised these really oscillate so much and don't nuke themselves, given they are shorting the transistor across the rails.


On the spectrum analyser, with just a short length of wire we are seeing powerful emissions at 50MHz and many harmonics.

Would be interesting to see what this does to electronics.
I wonder why "150MHz" is in the title? I mean, it is making noise on 150MHz, but also every other harmonic of 50MHz.
I mean, it seems to have some impact on electronics.

No resets, but then this is a modern microcontroller in here.
In this position, it's not doing much to the game... but check out the bench PSU!
It certainly causes things to happen that you don't expect!

I suspect this may be causing issues with the video memory.
I don't really have any targets to hand that I want to risk breaking currently. It may be interesting to see what this does to bootloaders on various devices.

More from @cybergibbons

May 18, 2024
A quick comment thread on the NTSB prelim MV Dali report.

The ship had a pretty typical 6.6kV HV/440V LV power system.
They were operating with the HV bus-tie breaker closed. This is, as far as I know, totally normal on most non-DP (dynamic positioning) vessels.
Operating using a single transformer and with the LV bus-tie closed was not something I remembered doing too often.

We'd normally have both transformers running and the LV bus-tie open.

You'd typically have about 2MW of load, and it was good to share it over both transformers
May 3, 2024
The UK mains electricity system in houses is a bit unique.

We have what is called a "ring main" where a large number of sockets are connected in a loop. The loop can provide 32A, but each individual plug can only do 13A.

So we have fuses in our plugs to limit current.
The idea of these is that they limit the current to each thing you plug into your ring main. The plug/socket can only handle 13A and not 32A, so you need something to limit it.
At the same time, everything you plug into a ring main should be CE certified and have a suitably sized internal fuse. The internal fuse will be smaller than the plug top fuse.

The idea is that the fuse closest to the device with a fault fails.

This is called "discrimination".
Apr 28, 2024
Found a really quirky route to the OT side of a ship this week.

The corporate machines were on the 10.0.73.0/24 range.

When ARP scanning on this network, I could see a host on 192.168.1.45 - odd.

So I set my IP to 192.168.1.123 and scan 192.168.1.45 - a Windows machine.
It's called CHIEFPC and it's a HP.

Current corp machines are Lenovo. And not named by role.

I head down to the chief's office and find that his old HP machine is being used for the CCTV onboard the vessel - which is on 192.168.1.0/24.
It's just been connected to the nearest socket.

It's logged in and is local admin, I dump SAM and SYSTEM, put on a share and head back to my machine.

Extract accounts/hashes using secretsdump, and crack with john-the-ripper locally.
Apr 9, 2024
A thread of the variety of products on ships that allow remote monitoring of critical systems on ships.

Just really want to put to bed the idea that systems are always air gapped.

Kongsberg offer multiple systems allowing remote monitoring of ICMS.
kongsberg.com/globalassets/m…
Wartsila NACOS, another of the very popular ICMS, allows remote maintenance of their systems.

wartsila.com/docs/default-s…
Hyundai as part of the Hi-whatever ICMS allow remote monitoring.

hd-marinesolution.com/eng/CMS/Conten…
Apr 3, 2024
I broadly agree with this thread, but there's a few aspects where I think the scale and magnitude of the issues on modern ships is maybe not clear.

The number of modern vessels that have all their critical safety systems air gapped is getting lower and lower.
What do I mean by critical systems?

Steering (which, oddly, depends on the type of vessel)
Propulsion (which can be the same as steering)
Power management system
ECDIS (electronic charts, which may or may not directly impact navigation)
Let's look at a few of the times we've found air gaps eroded on vessels.

This is the console used to control dynamic positioning on an offshore support vessel. This is designed to hold position, with control over propulsion and steering.
Mar 30, 2024
Ships might be "wide open" to cyber attack, but in my opinion, this shows a lack of nuance around what is being attacked, what the impact would be, and if it would be stopped by the crew.
I would say that IT security - the corporate stuff - in maritime is as bad as it can get.

Getting from IT to OT - operational technology, the actual moving bits - is much harder.

(or just to OT, direct, another topic)
We've ended up in the situation where nearly all ships differ to others.

I think this makes ensuring they're secure hard. We need to check each one.

Conversely, it means that attacking them is hard, as you need to understand each one.