We purchased a small Pick and Place machine from China for doing small batch runs and prototypes. This post is to document the experience of buying and setting up a ZhengBang ZB3245TSS Pick & Place Machine. The company offers several other models, but we chose this one as it has 58 possible feeder slots meaning we could keep almost all the standard SMD components we usually use in the machine.
Spoiler Alert: Our machine came with malware preinstalled which was able to infect any USB device plugged into it! It appears that this was an oversight by Zheng Bang, rather than any deliberate action. This will be discussed later in the article.
We ordered the machine on AliExpress at a total price of about £4k GBP excluding import duty. It arrived just before we shut down for Christmas so it sat for a week before we had chance to look at it. It came pretty well packed in a large wooden crate and needed two people to lift it out of the box to put it in place.
There was not really much to plug into the machine to get it started. Basically monitor, keyboard, mouse. When switched on the machine would boot very quickly into Windows 7 Ultimate. When asking the supplier if we could update it to W10, we were told that it would stop the machine from working. A little disappointing since this is a brand new machine and W7 has been out of support since Jan 2020.
The machine came with two aluminium bars and a round rod which were not mentioned in the manual or videos. Support told me it is to hold the larger reels and sent a photo. Unfortunately it seems they sent the wrong part as there is no way for those parts to fit to the machine meaning at this point we are stuck being able to use only smaller reels. They have told us they will send out the correct part to us.
Being a machine direct from China and at relatively low cost compared to a branded competitor product, our expectations were to have to do a little work to get going with it and work around the typical Chinese product bugs and flaws. Much of the OS and other software on the machine was in Chinese which is a bit of a pain, but the main operating software was in English (well, sort of).
Opening the software called FlyerSMT_HV brought up an unsurprisingly crude looking interface, which homed the machine without any difficulty. We have used pick and place machines before so are familiar with their operation so had a quick look around at the settings and controls. They seemed familiar enough though the English words used to describe them are a little hard to understand. Well there’s always an extensive user manual to refer to right?… Right?
Zhengbang ZB3245TSS User Manual
There was a desktop shortcut on the machine to an English user manual for the machine. There was also a video file demonstrating basic setup. The first pages of the manual show all the parts and buttons labelling what they are called, though only what they are called and rather little about what they may do. For example, there’s a big button on the side of the machine called “FAST BOOT", and in the manual this is pointed at with a label saying “Fast Boot"… and that’s it! One might guess that this was some sort of fast start-up for the machine, though with it booting from an SSD it was pretty rapid anyway. If you also guessed the same, you would be wrong. We had to ask the supplier what it does as nothing in the manual or videos describes it. We were told “Fast Boot is a button ,if you done finished one time placement,then click this button ,it will directly to placement another PCB."
One of the first things to do with a pick and place machine is to set up the feeders with your components. There is a section about this in the manual, but again it is very vague and we had to contact support to clarify some points. You might expect that each of the input parameters would be described in the manual, but unfortunately they are not. The bad English makes it even harder to figure out. Support sent us a selection of YouTube videos with some guidance which did help.
At this point we felt we could at least get started editing feeders and setting up so the software on the machine was backed up to a USB stick in case we messed anything up. When plugging this USB into one of our workstations, the AntiVirus immediately popped up saying it was disinfecting the drive! Looking at the log showed it to be the file “FlyerSMT_HV.exe" which is the main operating software for the machine! This file was uploaded to VirusTotal to get an idea if it may be false positive result. VirusTotal told us that 53 out of 69 AV products flagged it as malware. Zhengbang support were told about this and they told us it is a false positive and not to worry as there is AV software installed on the machine. We were sent a new zip file with the software in it. The contents of this zip file did not flag up as containing malware.
We sent the file for malware analysis which did confirm that it did indeed contain malware. The malware would collect user data and send it to a remote address. Presumably it could be a way to steal company information such as designs, accounts, and so on, or to install ransomware on other machines. Pretty shady stuff! However, it doesn’t end there!
With the new, uninfected software from Zhengbang, we thought we can just replace the infected one and try again. That seemed to work ok, and we also copied over a few malware removal tools to the machine to make sure. When putting the USB back into a workstation, up pops Bit Defender again, but now flagging up the installers for tools we had just downloaded! They were all showing as having the same infection as FlyerSMT_HV. How could these be infected as they were from legitimate sources and did not flag up when originally downloaded?
After scanning the embedded PC in the Zhengbang machine, with several different AV tools, we discovered more malware including trojan downloaders. This malware would make a hidden copy of any exe on the USB stick, and then re-pack it with some included malware. Clever stuff!
Lots of scanning and manual work eventually has the machine showing up as not infected and the USB devices are no longer being infected. W7 has been updated as far as it can be too, and so far it appears OK. Really though it would be better to replace the SSD with a legit English copy of windows and re install only the software needed. However we will need to make sure we have a copy of all the necessary drivers and so on to get it going again.
The machine shipped with a copy of Windows 7 Ultimate installed and with updates disabled. This version of windows is very common as pirate software and would often come bundled with malware in such downloads. It could be that this is the source for the malware and Zheng bang were unaware or just didn’t care. I would have expected as company that they would check this as they could end up with their own systems at the factory compromised. Since publishing this article, it has been read thousands of times and has come to the attention of Zheng Bang themselves. Initially they asked us to delete the article, but over the Chinese New Year holiday, it has been shared widely on various websites around the world. It became so popular for a time that our server could not cope with the traffic. They have now posted a message on Hackaday where the article was shared. The message is as follows;
“I am with Zhengbang, on behalf of our company, we are sorry Richard did not get a good shopping from us.
I checked his blog, the virus he got name is Synaptics.exe as we can saw from blog picture, we can google it, it’s very famous and bad one, . I can say though Zhengbang is number one table top PNP machine factory in China, we donot have the technical strength to develop this kind of malware. We have alibaba and aliexpress stores and some of them are our
It’s hard to tell where got this virus maybe my colleague or suppliers unexpected and accidentally got it during production, but it’s our fault did not find out before deliver it to client. We are just a normal businees company never try to steal any information from clients.
My colleague is still communicating with Richard after sent him new software, hope to solve this and hope his company can put our machine in use soon.“
We feel this is a positive if belated response from Zhengbang as they accept the ultimate responsibility for it. We would now hope that they will be making sure any machines they build will be free of any viruses.
AliExpress took no action
We contacted Ali Express to report that machines were being sold with preinstalled malware, but their response was not forthcoming. They stated that it does not breach their terms and that no action will be taken. While it may not be against their policy, we know that it is against UK law according to the computer misuse act. Deliberately infecting systems using subterfuge to access computer data without permission is a criminal offence. So there you have it, if you want to sell machines with malware for illegal means, Ali Express appear to be unwilling to stop it! Below is their reply to us…
“Please be informed that the reported listing(s) is / are neither prohibited nor controlled item(s) under our Product Listing Policy."
We have seen a lot of comments on other sites linking to this article and much of the focus is on the malware being on a new machine. We feel that though disappointing, it is not entirely unexpected as Chinese suppliers are well known for malware, fake goods and low quality. More significant should be the fact that AliExpress LTD, a company registered and operating in the UK have chosen to ignore the fact that their website is being used for something illegal.
There have been a few other comments questioning why we appear to be keeping the machine rather than returning it. First of all, it was cheap and we expected to have issues with it. There is nothing else equivalent (that we are aware of) in this price bracket other than more Chinese machines. If you ever bought something from AliExpress or other direct from China stuff then you will know to lower your expectations significantly. It’s not running on our network, and now has a new SSD & legit OS installed so the risk of further infection is minimal. The hardware seems reasonably sturdy and we are hopeful we can make good use of it. That said, if it turns out that we cannot reliably build PCBs with it, then of course we will be looking for a refund. We are a teeny tiny company of just one and a half humans. COVID has caused all sorts of issues leaving us just limping along so we really want to get this machine going and try to get some things made.
Installing Clean Software
We replaced the SSD with a new 256GB mSATA drive and replaced the 2GB RAM module with a 4GB stick. We were told, that the system will not work on Windows 10, but we wanted to at least give it a try and see if there was anything we could do to get it working. We cloned a clean Windows 10 64-bit installation to the SSD which booted up fine and found most of the drivers. The LAN driver was not picked up, so we had to download this from Gigabyte on a another PC and transfer it by USB. Once online, it was fairly straightforward to install the remaining drivers for the motherboard.
The Zhengbang ZB3245 pick and place machine vision cameras are analogue cameras connected to a small PCIe capture card in the built in PC. The capture card in our machine is a Goldvision HV4000 which appears to be a fairly old bit of kit and we could find no legitimate support or drivers for it online. The original hard drive did have a copy of the drivers which we were able to install, but only after disabling driver signature enforcement in windows. Installing the drivers seemed to make the machine blue screen and we have not been able to get any images form the cameras.
The virus-free copy of Flyer_SMT.exe would not run initially as error messages pooped up about missing DLL files. These were common Visual Studio files, so we installed the VCC Redistributable pack from Microsoft and then tried again. The software loaded up, and was able to home the machine normally so appeared to be fully functional apart from the vision cameras. If at some point we find a way to get them to work in W10 we will post here, but at this point we decided to install a clean copy of Windows 7 Pro. We opted for dual boot with a separate partition so that we could go back to the W10 installation if needed later.
Installing Windows 7 32-bit on a new machine felt kinda wrong, but it only has one job to do so it doesn’t matter a great deal as long as it works and stays malware free. The process was similar, though for some drivers we needed to look up the hardware IDs on the PCI database to find the drivers. Once it was all installed the software ran OK, but again no cameras. We contacted Zhengbang support and were told to remove the HV4000 capture card and clean the contacts. This appeared to work, and the system now seems to be operational. However, we booted W10 to have another look if the card would work there now, but it didn’t show up in device manager. When going back to W7, the card was not showing up, and there was no working vision again! We discovered that if the machine were powered off at the mains, and rebooted direct to W7, the HV4000 card would reappear. Weird.
Inside the Zhengbang ZB3245TSS pick and place machine
Opening the machine is fairly simple with a few hex bolts around the top perimeter holding the heavy work area down to the base. With these removed, the top lifts up with hinges at the back and there’s a handy bar inside to hold it up. The hinges at the back do look rather undersized for how heavy the top is, so take care if you open one of these machines!
Inside is quite neat and tidy with the PC inside the black box in the rear left. The PC appears to have an HDMI port and I/O for audio, so if you wanted a different screen, or some audio, this would be possible.
Once we had the system working, We cloned the SSD to an old hard drive using an Acronis bootable USB. Plugging the hard drive into the USB3 ports via a SATA/USB adaptor didn’t work as it just caused the ports and therefore the keyboard/mouse to stop working. We had to use a SATA dock with independent power supply and this worked fine. With the system working, backed up and virus free, we could now get on with adding reels to the feeders.
Adding Component Reels
We are at the point where we can start adding parts (apart for the larger reels due to the missing bits). We will update this article as we go along and add as much useful info as we can for anyone else with such a machine.
We’d love to hear your feedback if you used one or have any suggestions for things like getting the Goldvision HV4000 capture card to work in W10.