Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: achow101 on April 26, 2017, 09:22:30 PM

Title: Antbleed: A remote shutdown backdoor in antminers
Post by: achow101 on April 26, 2017, 09:22:30 PM

Quote

Antbleed is a backdoor introduced by Bitmain into the firmware of their bitcoin mining hardware Antminer.

The firmware checks-in with a central service randomly every 1 to 11 minutes. Each check-in transmits the Antminer serial number, MAC address and IP address. Bitmain can use this check-in data to cross check against customer sales and delivery records making it personally identifiable. The remote service can then return "false" which will stop the miner from mining.

Read http://www.antbleed.com/ for more info

The shutdown backdoor has been independently tested by multiple people.

Edit:

I have analyzed the code and I have determined how this is happening and most likely why it was put there.
First, let's start with the how. The firmware will spawn a thread (https://github.com/bitmaintech/bmminer/blob/b5de92908498590d96d333a1e2570eab0eb321d3/driver-btm-c5.c#L7841) which calls the send_mac function (https://github.com/bitmaintech/bmminer/blob/b5de92908498590d96d333a1e2570eab0eb321d3/driver-btm-c5.c#L7764) which, as the name implies, sends data (https://github.com/bitmaintech/bmminer/blob/b5de92908498590d96d333a1e2570eab0eb321d3/driver-btm-c5.c#L7671) about the machine to the AUTH_URL auth.minerlink.com (https://github.com/bitmaintech/bmminer/blob/b5de92908498590d96d333a1e2570eab0eb321d3/driver-btm-c5.c#L223). The device then will attempt to receive data (https://github.com/bitmaintech/bmminer/blob/b5de92908498590d96d333a1e2570eab0eb321d3/driver-btm-c5.c#L7752) from the server and check if the response is false (https://github.com/bitmaintech/bmminer/blob/b5de92908498590d96d333a1e2570eab0eb321d3/driver-btm-c5.c#L7755). If it is, the function returns true which sets the stop_mining global variable (https://github.com/bitmaintech/bmminer/blob/b5de92908498590d96d333a1e2570eab0eb321d3/driver-btm-c5.c#L7776) to be true.

When that variable is true, in the temperature checking thread, it will set the status_error global variable (https://github.com/bitmaintech/bmminer/blob/b5de92908498590d96d333a1e2570eab0eb321d3/driver-btm-c5.c#L4548) to true. That will then tell the work update function (https://github.com/bitmaintech/bmminer/blob/b5de92908498590d96d333a1e2570eab0eb321d3/driver-btm-c5.c#L8130) to not send out jobs (https://github.com/bitmaintech/bmminer/blob/b5de92908498590d96d333a1e2570eab0eb321d3/driver-btm-c5.c#L8165) so it is no longer mining.

Now for the why.

Bitmain previously was going to launch a service called Minerlink. This service never launched, but it was intended get the "real-time miner status remotely" (https://web-beta.archive.org/web/20150208141935/http://www.minerlink.com:80/). There is probably a feature that allows you to make sure that the only miners submitting work for you are your miners, hence the need for an auth url. It is also possible that another feature was to allow you to remotely stop a machine from mining if it were misbehaving. This would explain why this code was put there in the first place. However, since minerlink does not exist, this functionality is now a liability and should have been removed long ago.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: gentlemand on April 26, 2017, 09:28:56 PM

What's more interesting is that anyone can brick them according to this -

https://www.reddit.com/r/Bitcoin/comments/67qwqv/antbleed_exposing_the_malicious_backdoor_on/dgsk6cf/

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Yakamoto on April 26, 2017, 09:56:30 PM

Quote from: achow101 on April 26, 2017, 09:22:30 PM

Quote

Read http://www.antbleed.com/ for more info

The shutdown backdoor has been independently tested by multiple people.

So we know that the backdoor allows for there to be a false shutdown command sent to miners, is there any idea what other kinds of exploits are possible off of this, beyond some potential shenanigans happening with miner's hardware?

I'm looking through it and I'm not seeing anything that says anything about further potential implications of this bug. I don't believe it would be possible to take remote control of the hardware through this, would it?

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: zerosumking on April 26, 2017, 09:59:04 PM

Quote from: Yakamoto on April 26, 2017, 09:56:30 PM

Quote from: achow101 on April 26, 2017, 09:22:30 PM

Quote

Read http://www.antbleed.com/ for more info

The shutdown backdoor has been independently tested by multiple people.

I'm reading that they could also do a remote reflash of the firmware and potentially brick the hardware.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: eaLiTy on April 26, 2017, 10:03:05 PM

Quote from: achow101 on April 26, 2017, 09:22:30 PM

The shutdown backdoor has been independently tested by multiple people.

So this means that they can literally shut down any miners at will using their hardware,which is really scary and with the scaling debate going on they could literally shut down any miners and reach a consensus and if that is the case i hope the patch works by upgrading the firmware but even an upgrade could mess things up.This is the fruits of monopoly and nothing can be done against it , which is ridiculous.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Yakamoto on April 26, 2017, 10:14:43 PM

Quote from: zerosumking on April 26, 2017, 09:59:04 PM

Quote from: Yakamoto on April 26, 2017, 09:56:30 PM

Quote from: achow101 on April 26, 2017, 09:22:30 PM

Quote

Read http://www.antbleed.com/ for more info

The shutdown backdoor has been independently tested by multiple people.

I'm reading that they could also do a remote reflash of the firmware and potentially brick the hardware.

This is something I was wondering about. Considering that they have the potential to shutdown hardware I would be surprised if there wasn't the possibility for them to start bricking hardware as well. I hope that Antminer gets this fixed, but it sure as hell might cause issues for a lot of people using their hardware if this doesn't start to get fixed quickly. Constant shutdowns and restarts aren't something that a miner wants to deal with a lot of the time, and a bricked piece of hardware is definitely not something they want.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: achow101 on April 26, 2017, 10:18:34 PM

Quote from: Yakamoto on April 26, 2017, 10:14:43 PM

There seems to be an exploit where you can send it more data than it is expecting and thus write into memory that you shouldn't thus allowing for a remote code execution exploit.

Edit: That is actually not exploitable. However bitmain supposedly has a way to reflash firmware remotely: https://www.reddit.com/r/Bitcoin/comments/67qwqv/antbleed_exposing_the_malicious_backdoor_on/dgsk6cf/

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: FiendCoin on April 26, 2017, 10:35:44 PM

First ol'Jihan says SegWit is good code but he has to oppose it at all costs with no real justifiable reason and then his fucking backdoor comes to light!

This fuckturd is trying to destroy Bitcoin. When will people wake up!

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: BillyBobZorton on April 26, 2017, 10:39:15 PM

So if I understood it correctly, bitmain has a remote kill-switch (effectively, since they can brick the machines with the firmware change) on 70% of hashrate? fanastic. What are we supposed to do now, other than change the PoW algo immediately? Core Devs should be having a meeting with non-Bitmain miners right now proposing a roadmap to change the algo and leave Bitmain isolated. I don't think even the BU camp is stupid enough to keep supporting Jihan and his rigged miners anymore.

Anything but open source mining machines should be totally banned from the network. Ideally we should go back to 1cpu=1miner with a new PoW, but how do we guarantee that we will not end up like this again? at least we'll set a precedent I guess.

Anyway, I hope Core Devs are already on this like I said before. We can't go no longer than a week sitting under explosives.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: gentlemand on April 26, 2017, 10:41:14 PM

Quote from: BillyBobZorton on April 26, 2017, 10:39:15 PM

It looks like it can be blocked with a change of code. And it also looks like it's an old feature named Minerlink that was never put into action but left there to fester. That's giving the benefit of the doubt of course. Regardless, leaving a gaping hole like that isn't doing anyone any favours.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: BillyBobZorton on April 26, 2017, 11:11:00 PM

Quote from: gentlemand on April 26, 2017, 10:41:14 PM

Quote from: BillyBobZorton on April 26, 2017, 10:39:15 PM

Who is naive enough to think this was only a mistake that was left there without fixing? Looks like an obvious kill-switch to me. Why did no one see this yet? Isn't firmware code open source? Im not sure how this works, so im going to need more data. But to me this sounds like a way for Jihan to be able to kill BTC at any given time. How the fuck we managed to not notice this earlier? this is a disaster. Imagine if Jihan got paid by PBOC trillions to brick all the ASICs at once...

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: achow101 on April 26, 2017, 11:16:31 PM

Quote from: BillyBobZorton on April 26, 2017, 11:11:00 PM

Who is naive enough to think this was only a mistake that was left there without fixing?

In order to remain objective, I gave them the benefit of the doubt and assumed no malice (I'm pretty sure gentlemand is quoting me from my responses on reddit).

Quote from: BillyBobZorton on April 26, 2017, 11:11:00 PM

Looks like an obvious kill-switch to me. Why did no one see this yet? Isn't firmware code open source? Im not sure how this works, so im going to need more data. But to me this sounds like a way for Jihan to be able to kill BTC at any given time. How the fuck we managed to not notice this earlier? this is a disaster. Imagine if Jihan got paid by PBOC trillions to brick all the ASICs at once...

The firmware is fairly difficult to read. The code paths involved here are quite odd and not really intuitive, although once you know what you are looking for, it is fairly obvious. The phone home code was well known beforehand as that is fairly obvious, but that it can cause a remote stopping of mining was unknown.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Quantus on April 26, 2017, 11:29:28 PM

Holy shit

Quote

So Sergio and Slush both noticed that there's a remote code execution vulnerability in this backdoor. The backdoor has NO authentication, so any MITM attacker or DNS attacker can trigger it.
With remote code execution you can reflash the firmware on those miners, and once you do that you can permanently brick them. In fact, it's almost certain that you could permanently destroy the HW - I used to work as an electronics designer, and I did that by accident w/ bad firmware quite a few times.
So tl;dr: we have a backdoor that could permanently kill ~70% of the Bitcoin hashing power, and it can be triggered by anyone with MITM capability or the ability to change DNS records.

Makes one wonder what else we don't know, what we have overlooked...

Plz vote in my poll. "Is franky1 a shill?" https://bitcointalk.org/index.php?topic=1874675.0

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: anonymoustroll420 on April 26, 2017, 11:33:33 PM

This is absolutely fucked. I think there is a real good argument to be made to change the PoW algorithm to something that is harder to build custom hardware for, something like Cuckoo Cycle. This is only the beginning of shit like this, it'll only get worse from here on. For the first time since 2011, I am bearish on the future of Bitcoin. We really need to address the problem of mining centralization, this is our biggest threat right now and it's not an easy one to fight.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: anonymoustroll420 on April 26, 2017, 11:35:51 PM

Quote from: BillyBobZorton on April 26, 2017, 11:11:00 PM

But to me this sounds like a way for Jihan to be able to kill BTC at any given time. How the fuck we managed to not notice this earlier? this is a disaster. Imagine if Jihan got paid by PBOC trillions to brick all the ASICs at once...

Not even just Jihan. The code doesn't properly authenticate the server. Any random asshole with MITM can switch off ASIC's. The chinese government could turn off all antminers GLOBALLY using the Chinese firewall to MITM the phone home connections. Anyone in the world with access to a BGP router can do it. Anyone who can MITM the connection between the ASIC and bitmain can do it.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: MingLee on April 26, 2017, 11:37:45 PM

Holy moly dude, why did they have to try and make some kind of interlinking network system for their hardware? Why couldn't they have left it like it was before? Enough people were able to use it that I don't see why they would have to change it for any reason.
Whatever. It's not like I can change anything by posting on a forum. I just hope they fix it up and stop trying to do stuff like this. Otherwise it might get worse when it comes to exploits.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: NotFuzzyWarm on April 26, 2017, 11:39:14 PM

....
This is very very old 'news' and been mentioned lord how many times in the past.
As mentioned earlier it was for the Minerlink service. The early s7's used to have a page on the Bitmain GUI to set it, was removed after maybe batch-10 or so.

Like ANY remote monitor program/service (Awesome Miner comes to mind) the miners must periodically be polled to see how they are doing. Only difference here is it was a cloud service and ran by Bitmain.

As posted earlier: If ya don't like it just re-direct the query to localhost. 'Problem' solved.

Yes for whatever reason, the code still remains and YES Bitmain should remove it since it serves no purpose and is a needless 'possible feature'.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: ebliever on April 26, 2017, 11:40:04 PM

1. We should give BitMain the benefit of the doubt, but we should also demand answers to hard questions. Once the original functionality was no longer viable it really should have been eliminated via a firmware upgrade. Why didn't they recognize this vulnerability and act to protect their customers?

2. A sudden change of PoW would be catastrophic and should not be an option. However, a roadmap to a non-ASIC future should be considered, with the shift happening ~1 year out to give current miners time to ROI with current hardware.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: adaseb on April 26, 2017, 11:56:18 PM

Do these miners really represent 70% of all the global hashrate?

I am sure they are people still mining with Antminer S2 with free power at their dorm or people got some SP30 running in some cheap power areas.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: NotFuzzyWarm on April 26, 2017, 11:56:50 PM

And antbleed.com needs to modify their statements about what miners have it. I will verify tomorrow but am POSITIVE my few remaining batch-1, 3, and 5 s7's have the MinerLink option in the GUI.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: BillyBobZorton on April 26, 2017, 11:58:15 PM

Quote from: frodocooper on April 26, 2017, 11:15:12 PM

Quote from: BillyBobZorton on April 26, 2017, 10:39:15 PM

There is already an easy way to mitigate the risks associated with Antbleed (http://www.antbleed.com/), as pointed out earlier in this thread:

Quote

How Can I Protect Myself?

The easiest way to make sure your Antminer is not vulnerable to this backdoor is to add the following to your /etc/hosts on the device to

Code:

127.0.0.1 auth.minerlink.com

This will cause the Antminer to connect to your own local machine bypassing the check-in with Bitmain without interrupting normal mining behavior.

Furthermore, Bitcoin currently has a market cap of close to $21 billion. To rush into knee-jerk reactions like changing Bitcoin's proof-of-work algorithm would be catastrophic for Bitcoin and the people who rely on it. Take the Venezuelans, for example (https://bitcoinmagazine.com/articles/bitcoin-in-south-america-why-venezuela-has-an-active-bitcoin-mining-community-1452097837/). They have turned to Bitcoin mining, at great risk of arrest, to make for themselves a living in response to Venezuela's intensifying political turmoil and rapidly contracting economy (http://www.aljazeera.com/indepth/features/2017/04/venezuelans-turned-bitcoin-mining-170415124105593.html). To suddenly change Bitcoin's proof-of-work algorithm would mean pulling the rug out from under their feet and leave them hanging at the mercy of their government's failures.

It would therefore be wise to consider the greater global landscape of Bitcoin and the people who rely on it before pushing for unnecessarily risky moves.

How is sitting under a ground that is 70% filled with mines not a risky move? I don't think you are considering the gravity of the situation.

If we don't wipe the ASIC nonsense out, what are we doing but delaying the problem?

How long until such a thing happens again, goes unnoticed, but they decide brick the entire network?

At the same time, I understand changing the PoW is an huge problem within itself....

Honestly there is no easy way out. We should have taken care of this earlier, now there is no easy way out from this mess. So pick your poison.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Viscount on April 26, 2017, 11:58:37 PM

I don't see BTU shills here. Appears not only Bitmain has an Antbleed and could shutdown antminers, but they also have a Shillbleed and can disable/anable their shills on demand. ::)

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: achow101 on April 27, 2017, 12:11:29 AM

Quote from: NotFuzzyWarm on April 26, 2017, 11:39:14 PM

Quote from: NotFuzzyWarm on April 26, 2017, 11:56:50 PM

And antbleed.com needs to modify their statements about what miners have it. I will verify tomorrow but am POSITIVE my few remaining batch-1, 3, and 5 s7's have the MinerLink option in the GUI.

This issue is unrelated to minerlink even though it uses the same domain. It is not a user configurable option, there is nothing in any user interface (be that GUI or command line) to enable or disable this phone home and remote kill. The URL and port are entirely hard coded into the software, and the loop that does the phone home will always run. This is not Minerlink where you had the option to use it. This phone home will occur regardless of whether you use minerlink or not.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: FiendCoin on April 27, 2017, 12:16:53 AM

Quote from: Viscount on April 26, 2017, 11:58:37 PM

I don't see BTU shills here. Appears not only Bitmain has an Antbleed and could shutdown antminers, but they also have a Shillbleed and can disable/anable their shills on demand. ::)

Man, I was thinking the same thing, where's franky and jonald?

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: freedomno1 on April 27, 2017, 12:19:33 AM

That is an interesting setting in there your right this is an exploit.
Hopefully the exploit does not result in a mining brick but seeing there is an economic incentive its concerning.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: cellard on April 27, 2017, 12:32:10 AM

This seals the deal. Jihan Wu is not some bright kid that started an empire by himself. This has been a Chinese government funded takeover by default to control bitcoin. Are we going to let them get away with it?

I know PoW change is an huge deal, but isn't doing nothing worse in the long term? Wake up people.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: ebliever on April 27, 2017, 01:46:59 AM

Quote from: kingcolex on April 27, 2017, 01:18:38 AM

The issue of voting with your wallet when it comes to mining equipment is that whoever sells the best possible chance at ROI will dominate and with the Chinese labor and access of materials it's going to be Bitmain.

I agree. That's why I think this has to be handled with an algorithm change. Which frankly scares me with something on the economic scale of Bitcoin. Except that doing nothing with things as they are scares me worse.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Sadlife on April 27, 2017, 02:02:13 AM

So basically when you are signalling for some block like
BU or Segwit they can force stop whatever the block your mining
that is not favorable to them. That explains everything you probably change your mining software if it's antminer.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: franky1 on April 27, 2017, 02:03:07 AM

Quote from: kingcolex on April 27, 2017, 12:18:33 AM

Quote from: FiendCoin on April 27, 2017, 12:16:53 AM

Quote from: Viscount on April 26, 2017, 11:58:37 PM

I don't see BTU shills here. Appears not only Bitmain has an Antbleed and could shutdown antminers, but they also have a Shillbleed and can disable/anable their shills on demand. ::)

Man, I was thinking the same thing, where's franky and jonald?

They are still translating the excuse from Chinese into English but can't figure out how to spin "BTCU or we kill your miners" in a positive light.

mention my name and i appear.
i was going to keep myself quiet because this indeed is a exploit risk unlike asicboost which is a efficiency

anyway achow and frodocooper the antbleed website has explained the issue and the fix

but as you all aware i do like to waffle my opinion when i can. which i was going to hold back on due to this topic originally being an actual risk that needs highlighting without derailing the topic.
but my name was mentioned.

seeing as the OP and first couple posts of topic has the fix aswell as an explaination and people have already started derailing the topic with "kill asics now" "PoW change" "sitting on landmines" we might aswell consider all posts just "post bumps" to keep the topic on front page so people tomorrow and so on know of the issue.

anyway
if you want to change PoW
then that involves a proper network consensus upgrade, which is a great opportunity to then do things properly like a 1merkle segwit which would give a 4mb baseblock and not need the 1mb base 4mb weight tier network cesspit creating crap.

(id prefer the 4mb block to be dynamic to not rely on any dev team to spoon feed limits in future)
aswell as a opportunity to really handle quadratics by keeping maxtxsigops down, eg:4k or below so that the native key users dont gain more spammer causing headache (0.14: maxtxsigops 16k)

thus getting the community everything everyone wants. where native key users get 4mb block and segwit key users get to use segwit where everyone on the same level playing field.

yep no more core tier network concern.
no more band camp debate. but finally a community peer network not filled with half gestures and empty promises

P.S
you can try pigeon holing me into "chinese" or "btcu" all you want.
my opinion is about open diverse decentralised single peer network of many implementations. which has not changed in years

if the only thing you can do is try turning this topic into a "hate the chinese"(as a country) or point fingers at anything not core. then thats your bias.

but if you just want to waste a oppertunity of a proper ful network consensus upgrade just to kill asics. just realise that within a couple months the utopian dream asic killers think they will get of solo mining from their basement again wont last long because someone somewhere will find efficiency methods of any new system and within 6 months the its back to a new form of pool/syndicate/sybil mining groups

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: gentlemand on April 27, 2017, 02:07:05 AM

Quote from: kingcolex on April 27, 2017, 01:57:47 AM

I think the only true thing that would push the main chain into a fully supported algorithm change is finding out the Chinese government is in control of Bitmain.

Half in the bag already? I can't imagine any large business in China gets anywhere without some government heavy breathing.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: franky1 on April 27, 2017, 02:27:54 AM

Quote from: kingcolex on April 27, 2017, 02:16:10 AM

I wasn't specifically calling you out or Jonald but more or less the many btcu shills while quoting the other reply, and the Chinese thing is because Jihan is Chinese and he is willing to throw money around to get his way.

I don't want a pow change I would like there to definitely be more asic producers and them come from all around the world. The issue is the production is just going to be cheaper in China due to the many factories and cheap labor, the other issue is Jihan buying out his competition there. I don't mine Bitcoin directly anymore because it's just past me with noise and power consumption for a home miner, but I do worry about the network. Jihan seems like a bad player in the Bitcoin world and it seems like he is starting to sabre rattle to protect his interest and this could just be a new weapon in his arsenal especially with all future miners.

Along with the fix we know large mines won't take down their miners and flash them, too much work for a large mine until an attack happens.

you may realise other countries are in the manufacturing game and its not (current 67% nay/abstainers) of asics are bitmain or chinese.
thats the reddit hysteria of blaming the segwit nays'/abstaining on one person(illogical facepalm).

many people who are independent like myself who just think critically rather than ass kissery see some flaws in segwits 2 merkle approach. even gmax sees now that 2merkle approach has hit issues last month

looking deeper at the matter i can see a few countries with low labour, low facility costs and low electric costs. and some manufacturers are already using them.

but it does not matter about blaming china(as a country).. what people should be doing is defending a decentralised diverse peer network not just pointing fingers to find excuses of why bitcoin should centralise to one one brand by pretending its getting attacked by another brand

it might be worth you taking a step back from the reddit hysteria of blaming the (current 67% nay/abstainers) on jihan because those numbers dont rationally add up,
the community is wider than that

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: freedomno1 on April 27, 2017, 02:40:26 AM

Quote from: kingcolex on April 27, 2017, 12:24:30 AM

Quote from: freedomno1 on April 27, 2017, 12:19:33 AM

That is an interesting setting in there your right this is an exploit.
Hopefully the exploit does not result in a mining brick but seeing there is an economic incentive its concerning.

They can go full censorship too, anyone who is pro segwit or has been posting anti Bitmain things could get their miner turned off. They link the miner to their customer records and I am sure they are able to find via email and a small bit of googling their Bitcointalk or Reddit username.

I was thinking along the lines of if your not mining and if someone hacks minerlink and turns off all the not patched antiminer's for a while the odds of generating a new block go up relative to the decrease in difficulty until they turn them on again. But true enough specific targeted attacks could change signalling kind of like finding a bug in the nodes you can turn them off for a few days only this could also brick stuff and take the hash out of the game.

The key thing is changing the manual hosts entry to 127.0.0.1 auth.minerlink.com since phone home is hardcoded ... what a PITA at least what I get from reading that reddit and the related posts here.
https://www.reddit.com/r/Bitcoin/comments/67qwqv/antbleed_exposing_the_malicious_backdoor_on/dgsk6cf/
(Speaking of Tesla and the current patch I wonder if you can change the host file to phone home to the Tesla car instead ha-ha)

Since a staff posted the OP I agree with Franky posts go to increase awareness of a patch than keeping the thread silent.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: jonald_fyookball on April 27, 2017, 03:16:18 AM

like someone said... very old news,

minerlink is disabled by default...

... and most miners only allow outbound traffic from their rig to go to pool stratum anyway, not to Bitmain or anyone else.

just more pointless FUD.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: achow101 on April 27, 2017, 03:28:42 AM

Quote from: jonald_fyookball on April 27, 2017, 03:16:18 AM

like someone said... very old news,

minerlink is disabled by default...

As I said earlier, this is completely unrelated to minerlink except for the fact that it shares a domain name. The phone home code runs regardless of user input or settings.

Quote from: jonald_fyookball on April 27, 2017, 03:16:18 AM

... and most miners only allow outbound traffic from their rig to go to pool stratum anyway, not to Bitmain or anyone else.

Sure larger mining farms might have something like that, but for the casual "I have have cheap electricity so I got a couple R4's/S9's" miner, I highly doubt they have such settings. Those who still mine from home with antminers are vulnerable. Additionally, most networking stuff by default doesn't restrict outbound connections, so unless the miner was specifically concerned about something already on a machine inside the network sending something out of the network, this default would not be changed.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: jonald_fyookball on April 27, 2017, 03:41:05 AM

Achow, are you saying antbleed is not miner link at all? But completely different code?

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: achow101 on April 27, 2017, 03:45:43 AM

Quote from: jonald_fyookball on April 27, 2017, 03:41:05 AM

Achow, are you saying antbleed is not miner link at all? But completely different code?

It may be related to minerlink, but it itself is not governed by minerlink. It does its own entirely separate thing. However it could potentially be used by minerlink to remotely stop an antminer from mining, but the way that they implemented that is rather odd and convoluted so it seems unlikely. Perhaps it was meant for something else related to minerlink but was never completed.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: pooya87 on April 27, 2017, 03:52:56 AM

the first thing that came to my mind after reading this was a question! "Why now". why is it that these days, all these news about mining, miners' equipment, backdoor, boost, etc are coming out. ASICs weren't created yesterday!

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: achow101 on April 27, 2017, 04:05:32 AM

Quote from: pooya87 on April 27, 2017, 03:52:56 AM

A lot of it is probably due to people wanting to find as many ways to discredit someone else, i.e. some Core supporters looking to discredit BU, Bitmain, etc. and some BU supporters looking to discredit Core. Some of it is likely from projects that were started several months ago but only now reached their conclusion (like reverse engineering an asic and related closed-source firmware for asicboost as that takes a long time).

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: franky1 on April 27, 2017, 04:17:05 AM

Quote from: pooya87 on April 27, 2017, 03:52:56 AM

its because segwit as a softfork has last month been found to hit a hurdle, so now people are hurrying to find any reason to push mining aside to drag segwit in without having to change segwit as a soft fork.(even though segwit is not even active and can easily be redone as a proper community uniting version that includes other features the community desire.. rather than the tier network cesspit version)

funny part is that segwit is using its own backdoor (going soft) to bypass node consensus and its admitted that they want to make it easier to implement changes even easier in the future. (code backdoors that outsiders can exploit to add in their own features by 'going soft')

EG imagine if hearne coded segwit as a soft fork(line for line the same) and said how he wants to add more ways to add new things in without node consensus, would you remain positive about it?

EG imagine if hearne tried to blame pools for holding things back(after giving only pools the vote) and wanted to find ways to ban/orphan blocks/pools based on brand bias.. not tx/block validity

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Amph on April 27, 2017, 06:00:32 AM

can this backdoor be used for malicious things? to steal funds or something?

Quote from: adaseb on April 26, 2017, 11:56:18 PM

i can't see why not, they are the best one, and it also make sense because it match the percentage of chinese miners, which is around 70%, probably all pool are running s9 now

if someone else is running s5 or s7, would be a very minority, and i'm actually surprised that there are 30% of miners running those old one

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: arklan on April 27, 2017, 06:47:06 AM

small clarification question: IF we did end up deciding a POW change was needed, wouldn't that require a hard fork? like, even more-so than any aspect of the scaling debate?

serious question. how could we possibly ever change the algo at this point? we know full well unless it was 100% proven broken we'd never get agreement a change was needed, and even if that happened, we'd never get agreement on WHAT to change to.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Mallyx on April 27, 2017, 07:05:18 AM

Quote from: arklan on April 27, 2017, 06:47:06 AM

small clarification question: IF we did end up deciding a POW change was needed, wouldn't that require a hard fork? like, even more-so than any aspect of the scaling debate?

Yes and yes.

Quote

serious question. how could we possibly ever change the algo at this point? we know full well unless it was 100% proven broken we'd never get agreement a change was needed, and even if that happened, we'd never get agreement on WHAT to change to.

Well, if that happen, it will be done in an emergency.
It may happen if the chain split, and the Core side is being attacked and vulnerable.
I think some few devs are already working on this in case we need to deploy the PoW HF.
It's still an extreme scenario.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: freedomno1 on April 27, 2017, 07:33:18 AM

Quote from: arklan on April 27, 2017, 06:47:06 AM

small clarification question: IF we did end up deciding a POW change was needed, wouldn't that require a hard fork? like, even more-so than any aspect of the scaling debate?

Yes a hard fork would be required for any changes to the scrypt algo.

Quote from: arklan on April 27, 2017, 06:47:06 AM

In the distant future the cryptographic proof will all need to be changed as ECDSA will become insecure but it is presumed to be secure until 2050.
In addition at some point we will need to slowly transition in a scrypt change on SHA-256 to what I presume will be SHA-3 if weaknesses are discovered in 256 but it will be well before it is 100% Broken. This is all speculation though and until any advantages to Sha-3 vs 256 affecting cryptanalytic attacks are found it is not a concern.
But I can imagine the fracas then although the logic that one hard fork doing a lot of things at once is better than 100 mini hard-forks for every little thing from 2013 still has weight.

Either way were far off from those forks we just need to look at the one now ^^.

https://bitcointalk.org/index.php?topic=146191.0
https://bitcointalk.org/index.php?topic=120473.msg1301958#msg1301958
https://books.google.ca/books?id=UsRsCQAAQBAJ&pg=PA128&lpg=PA128&dq=ecdsa+secure+till+2050&source=bl&ots=9qMTUSGSOG&sig=-qIrJ-MDblLYsdXV5oJMh-mimKA&hl=en&sa=X&ved=0ahUKEwiUoo-5jMTTAhUY92MKHSv_BKMQ6AEIMDAC#v=onepage&q=ecdsa%20secure%20till%202050&f=false
http://blog.oleganza.com/post/42523601710/how-to-steal-all-coins

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: anonymoustroll420 on April 27, 2017, 08:35:59 AM

Quote from: jonald_fyookball on April 27, 2017, 03:16:18 AM

minerlink is disabled by default...

You don't understand. This phones home to the server every 10 minutes, and if the server says "false", it shuts down. Thats it. It can't be switched off on the miner, it will always try to phone home and always shutdown if it receives the command. Only way to turn it off is to block bitmains server with a firewall.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Rabinovitch on April 27, 2017, 10:05:57 AM

Quote from: eaLiTy on April 26, 2017, 10:03:05 PM

This is the fruits of monopoly and nothing can be done against it , which is ridiculous.

Just buy some other hardware of some other vendor. What is the problem? The problem is that most private (and even wide-scaled) miners are greedy, they need shortest possible ROI, maximum possible profit, at any cost. Even at the cost of their own safety and calmness...

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: gentlemand on April 27, 2017, 12:19:56 PM

https://blog.bitmain.com/en/antminer-firmware-update-april-2017/

Patched.

I think this is just one of many unintentional holes out there waiting to be found. One day something will be uncovered by someone who's only out for the lulz.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Lauda on April 27, 2017, 12:22:44 PM

Quote from: gentlemand on April 27, 2017, 12:19:56 PM

Nonsense. This code does what it was intended to do, therefore not a bug per definition. This makes them even look more ridiculous.

https://i.imgur.com/gROGsDD.png

Classic example of a shill:

https://i.imgur.com/ib2xnNn.png

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: franky1 on April 27, 2017, 12:39:04 PM

Quote from: Lauda on April 27, 2017, 12:22:44 PM

Quote from: gentlemand on April 27, 2017, 12:19:56 PM

Nonsense. This code does what it was intended to do, therefore not a bug per definition. This makes them even look more ridiculous.

https://i.imgur.com/gROGsDD.png

Classic example of a shill:

https://i.imgur.com/ib2xnNn.png

1. if any brand thats not blockstream wanted to kill bitcoin they would have pulled the pin already or atleast set deadlines
2. only blockstream have the bomb and set deadlines and actual threats to the network

3. gmax found out his going soft consensus bypass was not a 'sure thing' then last month found out it hit a not so compatible afterall wall. so has now intensivied the follow blockstream demands or else strategy by employing samson mow as the UASF guy so that gmax can push segwit without taking all the flack. yup samson is the pawn to protect the queen

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Lauda on April 27, 2017, 12:41:42 PM

Quote from: franky1 on April 27, 2017, 12:39:04 PM

1. if any brand thats not blockstream wanted to kill bitcoin they would have pulled the pin already or atleast set deadlines

They can't kill it, they can only harm it or attempt to kill/harm/control it. That's the whole point.

Quote from: franky1 on April 27, 2017, 12:39:04 PM

2. only blockstream have the bomb and set deadlines and actual threats to the network

Which is completely far-fetched from reality. Statements like these prove that you're either a delusional individual or a paid shill. Choose the lesser evil.

Quote from: franky1 on April 27, 2017, 12:39:04 PM

3. gmax found out his going soft consensus bypass was not a 'sure thing' then last month found out it hit a not so compatible afterall wall. so has now intensivied the follow blockstream demenads or else strategy by employing samson mow as the UASF guy so that gmax can push segwit without taking all the flack. yup samson is the pawn to protect the queen

This has no relevance to my post, the thread or anything at all actually (putting aside it being nonsensical).

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: franky1 on April 27, 2017, 12:50:24 PM

Quote from: Lauda on April 27, 2017, 12:41:42 PM

Quote from: franky1 on April 27, 2017, 12:39:04 PM

2. only blockstream have the bomb and set deadlines and actual threats to the network

Which is completely far-fetched from reality. Statements like these prove that you're either a delusional individual or a paid shill.

bip 9
deadline from november 2016 - november 2017

Quote from: gmaxwell on December 28, 2016, 05:40:35 AM

BIP9 changed to a new quorum sensing approach that is MUCH less vulnerable to false triggering, so 95% under it is more like 99.9% (C) under the old approach. basically when it activates, the 95% will have to be willing to potentially orphan the blocks of the 5% that remain(B)
If there is some reason when the users of Bitcoin would rather have it activate at 90% ... then even with the 95% rule the network could choose to activate it at 90% just by orphaning the blocks of the non-supporters until 95%+ of the remaining blocks signaled activation.(A)

a->b->c

UASF deadline from august 2017 to november 2017

if there are still nay sayers.. a mandatory activation by late 2018

blockstream cannot take no for an answer
instead of doubling down on threats.. the blockstream team and fanboys should think of plan B
if they are going to pull a pin actually recode sgwit to be 1 merkle and a proper network wide 4mb that is also dynamic and add other community desird features.
dont waste the blockstream triggered hard fork event if soft fails to activate, purely to push opposition away, use it to unite the community with proper non cesspit creating network

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: franky1 on April 27, 2017, 12:56:54 PM

Quote from: Lauda on April 27, 2017, 12:41:42 PM

Quote from: franky1 on April 27, 2017, 12:39:04 PM

This has no relevance to my post, the thread or anything at all actually (putting aside it being nonsensical).

this topic is about finding a bug in anything thats not in full core support. where the core group are trying to find any excuse to pull the UASF pin on pools to get their way

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Lauda on April 27, 2017, 01:09:06 PM

Quote from: franky1 on April 27, 2017, 12:50:24 PM

bip 9
deadline from november 2016 - november 2017

Describing what could happen has nothing to do with threats, bombs or anything that you've specified. BIP9 is much better than the previous way of activating soft forks (if miners are acting rationally, which currently they are not).

Quote from: franky1 on April 27, 2017, 12:50:24 PM

UASF deadline from august 2017 to november 2017

Core has nothing to do with UASF.

Quote from: franky1 on April 27, 2017, 12:50:24 PM

if they are going to pull a pin actually recode sgwit to be 1 merkle and a proper network wide 4mb that is also dynamic and add other community desird features.
dont waste the blockstream triggered hard fork event if soft fails to activate, purely to push opposition away, use it to unite the community with proper non cesspit creating network

Nonsense from you, yet again.

Quote from: franky1 on April 27, 2017, 12:56:54 PM

this topic is about finding a bug in anything thats not in full core support. where the core group are trying to find any excuse to pull the UASF pin on pools to get their way

Proof that Core found this/exposed it? Oh right, there isn't any.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Techray on April 27, 2017, 01:53:07 PM

Quote from: NotFuzzyWarm on April 26, 2017, 11:39:14 PM

One purpose of the feature is that it can remotely turn off the miner if it is stolen. Is that a good feature?

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: pereira4 on April 27, 2017, 02:00:56 PM

https://ip.bitcointalk.org/?u=http%3A%2F%2Fi.imgur.com%2Fib2xnNn.png&t=576&c=OC-lDjgqk4tzvA

Lmao. This pretty much invalidates anything jonald the troll says from now on. The blocksize obsessed trolls/paid shills can't see beyond what number the blocksize has.
A guy has a mining monopoly capable of killing the network? Who cares, just raise the blocksize!!
Those trolls should be banned.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: achow101 on April 27, 2017, 02:04:02 PM

Bitmain has officially reponded: https://blog.bitmain.com/en/antminer-firmware-update-april-2017/

They claim that it was intended to be a feature but was never completed. The code in question has been removed from some of the publicly available sources on Github and in the firmware update they published.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: franky1 on April 27, 2017, 02:06:41 PM

Quote from: pereira4 on April 27, 2017, 02:00:56 PM

A guy has a mining monopoly capable of killing the network?

if you think jihan owns the whole 9time of posting) 67% nay sayer/abstainers.. then maybe its time you done some research

i find it funny how all the blockstreamists are throwing around the 70% 'control' and blame jihan, bomb jihan bomb china, without doing any realistic and rational thinking

reddit scripts are sounding too much like fox new scripts these days..

western countries wants the middle-east (1900-2000)
western countries bomb the middle east (otterman war-iraq/gulf wars)
middle east fight back
western countries throw a victim card and do the fox news media stories of 'bomb them, bomb them bomb them'

blockstream wants bitcoin as theirs, where blockstream is the engine and at the centre of bitcoin.. at its 'core'
blockstream REKT anything outside of blockstream support
anything outside of blockstream support fight back
blockstream throw a victim card and do the reddit script stories of 'bomb them, bomb them bomb them'

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: achow101 on April 27, 2017, 02:11:34 PM

Quote from: franky1 on April 27, 2017, 02:06:41 PM

if you think jihan owns the whole 9time of posting) 67% nay sayer/abstainers.. then maybe its time you done some research

No one claims that Jihan directly controls 70% of the hashrate. Rather the claim is that 70% of the hashrate is using Bitmain's hardware. With this vulnerability, they (or anyone who can MITM or DNS hijack) can stop all of that hashrate from mining.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: franky1 on April 27, 2017, 02:14:16 PM

Quote from: achow101 on April 27, 2017, 02:11:34 PM

the claim is that 70% of the hashrate is using Bitmain's hardware.

proof of claim? please dont refer to reddit or twitter

P.S achow, remember last year i presented the anyonecanspend issue and for a month you said it was nothing.

now ask yourself a year later
1. why is core is coded to prevent old nodes (downstream) from getting unconfirmed segwit keys
2. why is core is coded to prevent old pools allowed to add a segwit tx in a non segwit block

:D have a nice day.. it only took months for them to realise the risks and then change a few things, including waiting till way after segwit activates before releasing the wallet activated version of segwit on mainnet

p.p.s
are you and lauda still making money from people with core issues, and not even bothering to report the issue to core to fix so fture people dont run into the issue?

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: achow101 on April 27, 2017, 02:17:13 PM

Quote from: franky1 on April 27, 2017, 02:14:16 PM

Quote from: achow101 on April 27, 2017, 02:11:34 PM

the claim is that 70% of the hashrate is using Bitmain's hardware.

proof of claim? please dont refer to reddit or twitter

I have no proof of that claim, nor do I claim that it is true. I am simply stating that that is what people are saying, not that they are saying that Bitmain directly controls that much hashpower (which is what you said).

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Darkbot on April 27, 2017, 02:35:45 PM

Quote from: pereira4 on April 27, 2017, 02:00:56 PM

+1

Here we have it R.I.P BU Troll Jonald Fyookball and paid shill Franky1.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: tobacco123 on April 27, 2017, 03:05:59 PM

Is this the main reason of the drastic drop in BU hashing rate, and the increase in price over these two days? Has Jihan provided any argument or explanation?

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Nagadota on April 27, 2017, 03:20:47 PM

Quote from: achow101 on April 27, 2017, 02:17:13 PM

Quote from: franky1 on April 27, 2017, 02:14:16 PM

Quote from: achow101 on April 27, 2017, 02:11:34 PM

the claim is that 70% of the hashrate is using Bitmain's hardware.

proof of claim? please dont refer to reddit or twitter

Seems pretty likely though, considering just how dominant BITMAIN is over that industry (very).

No one could realistically claim that BITMAIN don't have too much control. If they managed to cause a problem with other people's miners (which they probably could) they could use their own vast mining power to do a 51% attack.

Decentralisation is necessary in all aspects of Bitcoin.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: leopard2 on April 27, 2017, 06:59:27 PM

Quote from: Darkbot on April 27, 2017, 02:35:45 PM

Quote from: pereira4 on April 27, 2017, 02:00:56 PM

+1

Here we have it R.I.P BU Troll Jonald Fyookball and paid shill Franky1.

Is that for real? I was under the impression that Jonald was intelligent. "I don't care if Stalin is shady I like his uniform" ... holy crap :o

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: lurker10 on April 27, 2017, 07:30:44 PM

Bitmain fucked up, with no malice as is revealed by the open nature of their code on github. Malware writers do not publish their code for the whole world to see.

Their fuck-up does NOT make Segwit less dangerous and more acceptable. Segwit, BU - both of them are garbage and insecure solutions. Bitcoin should be left as a safe haven crypto with no changes to the protocol.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: franky1 on April 27, 2017, 08:04:15 PM

Quote from: leopard2 on April 27, 2017, 06:59:27 PM

Is that for real? I was under the impression that Jonald was intelligent. "I don't care if Stalin is shady I like his uniform" ... holy crap :o

it would only be a worry if bitmain had a exploit against bitfury or bitfury had an exploit against bitmain..
but finding that bitmain "could" only access their own products and "if" they triggered anything they would end up with queues of refunds.. its not as big a deal as say a soft fork that bypasses real network consensus, to add code that if activated changes the network into a tier network without nodes consent/veto ability

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Lauda on April 27, 2017, 09:39:00 PM

Quote from: leopard2 on April 27, 2017, 06:59:27 PM

Quote from: Darkbot on April 27, 2017, 02:35:45 PM

Quote from: pereira4 on April 27, 2017, 02:00:56 PM

+1

Here we have it R.I.P BU Troll Jonald Fyookball and paid shill Franky1.

Is that for real? I was under the impression that Jonald was intelligent. "I don't care if Stalin is shady I like his uniform" ... holy crap :o

Yes. Here's the archived version in case that the shill deletes their comments: https://archive.fo/SPPmJ

Quote from: lurker10 on April 27, 2017, 07:30:44 PM

Bitmain fucked up, with no malice as is revealed by the open nature of their code on github. Malware writers do not publish their code for the whole world to see.

This is a false conclusion fallacy. Just because they have published their code on GitHub that premise does not in any way follow to a logical conclusion of benevolent behavior. The backdoor exists in all miners, and can be exploited by malicious actors. Whether that actor is going to be Bitmain or someone else is not of high importance.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: leopard2 on April 27, 2017, 09:58:59 PM

Quote from: franky1 on April 27, 2017, 08:04:15 PM

Quote from: leopard2 on April 27, 2017, 06:59:27 PM

Is that for real? I was under the impression that Jonald was intelligent. "I don't care if Stalin is shady I like his uniform" ... holy crap :o

I see. So you would buy a Chinese car, which can be disabled by the Chinese car manufacturer which in turn has close ties to Chinese government (and all Chinese companies have close ties, to say it very nicely)

And you would say "As long as Ford does not have the exploit against my car I am not worried", well maybe you should cut down on your happy pills LOL :D

With all those happy pills, you can, of course, not see the dangerous situation that would have arisen if a large portion of the worlds hash power could have been disabled instantly (various attacks possible, 51% and below) ::)

BTW refunds??!! From China??!!

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: leopard2 on April 27, 2017, 10:02:31 PM

Quote from: lurker10 on April 27, 2017, 07:30:44 PM

That is true, Jihad, Antbleed and Asicboost does not mean, Segwit (with blocksize limitation) is good.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: -ck on April 27, 2017, 10:14:16 PM

Quote from: leopard2 on April 27, 2017, 10:02:31 PM

That is true, Jihad, Antbleed and Asicboost does not mean, Segwit (with blocksize limitation) is good.

Correct, segwit is good absolutely, not relatively.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Decoded on April 27, 2017, 10:29:49 PM

You'd think that if bitmain were to cease development on minerlink, they would remove all related code, or even announce that they are working on a fix.

Great to see there are people looking out for these exploits, but I think bitmain really screwed up here.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: franky1 on April 27, 2017, 10:31:02 PM

Quote from: leopard2 on April 27, 2017, 09:58:59 PM

all i read is racial slurs against a country.
now to the real debate BITCOIN network code
long term view not temporary drama that is forgotton about after minutes/days

think about the big picture

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Naokia980 on April 27, 2017, 10:32:19 PM

Quote from: franky1 on April 27, 2017, 10:31:02 PM

Quote from: leopard2 on April 27, 2017, 09:58:59 PM

all i read is racial slurs against a country.
now to the real debate BITCOIN network code
long term view not temporary drama that is forgotton about after minutes/days

think about the big picture

Big picture is alwasy cloudy. First start from low level and dont think about big picture ::)

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: franky1 on April 27, 2017, 10:35:31 PM

Quote from: Decoded on April 27, 2017, 10:29:49 PM

has anyone looked at bitcoin cores DNS seed managed by mainly blockstreamers

   vSeeds.push_back(CDNSSeedData("bitcoin.sipa.be", "seed.bitcoin.sipa.be", true)); // Pieter Wuille, only supports x1, x5, x9, and xd
   vSeeds.push_back(CDNSSeedData("bluematt.me", "dnsseed.bluematt.me", true)); // Matt Corallo, only supports x9
   vSeeds.push_back(CDNSSeedData("dashjr.org", "dnsseed.bitcoin.dashjr.org")); // Luke Dashjr

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Lauda on April 27, 2017, 10:35:52 PM

Quote from: Decoded on April 27, 2017, 10:29:49 PM

Bitmain was active of this issue for several months, see GitHub: https://github.com/bitmaintech/bmminer/issues/7. They have only rushed to handle this once someone has been exposed to the wider public.

Quote from: franky1 on April 27, 2017, 10:31:02 PM

all i read is racial slurs against a country.

Facts != racial slurs.

Quote from: franky1 on April 27, 2017, 10:31:02 PM

long term view not temporary drama that is forgotton about after minutes/days

think about the big picture

Franky on ASICBOOST exposure: All is good. Ignore temporary drama.
Franky on AntBleed exposure: All is good. Ignore temporary drama.
Franky when someone mentions SegWit: "DOOMSDAY. TEMPORARY GESTURE. BLOCKSTREAM. BOMBS."
:D

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: leopard2 on April 27, 2017, 10:37:34 PM

Quote from: franky1 on April 27, 2017, 10:31:02 PM

Quote from: leopard2 on April 27, 2017, 09:58:59 PM

all i read is racial slurs against a country.

Godwin's law has been fulfilled, almost.

I now assume you are a shill, after all, calling critics racist is exactly what a shill would do to push his agenda. Thank you for the clarification. :)

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: franky1 on April 27, 2017, 10:47:54 PM

Quote from: Lauda on April 27, 2017, 10:35:52 PM

lol
lauda you make me laugh

segwit end user features that core promise and promote are the empty promise temporary gesture. but the tier network and control is less than temporary.
PS read the core code and documentation about biasedly rejecting blocks and disconnecting from nodes purely out of version bias, not out of rule validity.

its really time you took some time to read less of reddit and more of the actual details

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: franky1 on April 27, 2017, 10:51:17 PM

Quote from: leopard2 on April 27, 2017, 10:37:34 PM

I now assume you are a shill, after all, calling critics racist is exactly what a shill would do to push his agenda. Thank you for the clarification. :)

call me what you like.
but now you have go all the insults off your chest
go research and try seeing the big picture from the point of view of the bitcoin network.
dont wear the blockstream defence cap.
wear the critical thinking cap.

dont read the reddit scripts. read the code and documentation
again not with the utopian dreamer blockstream defence cap

look at the big picture, the long term picture.
and be truly critical.
maybe even worth you repeating to yourself "what if hearne coded this" just to keep your critical mind on track

i will just leave you with this thought.
knowing that changing PoW requires a network consnsus upgrade to achieve it

Quote from: franky1 on April 27, 2017, 12:50:24 PM

instead of doubling down on threats just to push segwit as is but done hard.. the blockstream team and fanboys should think of plan B
if they are going to pull a pin... actually recode segwit to be 1 merkle and a proper network wide 4mb that is also dynamic and add other community desird features.
dont waste the blockstream triggered hard fork event if soft fails to activate, purely to push opposition away, use it to unite the community with proper non cesspit creating network

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Hydrogen on April 27, 2017, 10:53:01 PM

There's a webpage devoted to this topic..

http://antbleed.com

Its hard to tell what's true or not, but antbleed being associated with antpool which is one of the largest supporters of bitcoin unlimited.

And so maybe its not difficult to see where the politics come into play here, with many attempting to trivialize this due to them not wanting more criticism against BU.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Lauda on April 27, 2017, 11:02:32 PM

Quote from: leopard2 on April 27, 2017, 10:37:34 PM

Godwin's law has been fulfilled, almost.

I now assume you are a shill, after all, calling critics racist is exactly what a shill would do to push his agenda. Thank you for the clarification. :)

I've warned you already. You didn't listen to my posts; could have saved yourself some time.

Quote from: franky1 on April 27, 2017, 10:47:54 PM

Quote from: Lauda on April 27, 2017, 10:35:52 PM

Ironically you still don't even understand my post yet claim to read and actually understand the code (not even in fantasies). Both ASICBOOST and AntBleed are evil. Until you are willing to both accept and admit this fact, you are obviously very biased and/or paid. Politics and scaling aside, the statement about A&A is factual.

Quote from: Hydrogen on April 27, 2017, 10:53:01 PM

Its hard to tell what's true or not, but antbleed being associated with antpool which is one of the largest supporters of bitcoin unlimited.

It's very easy to see what's true. It takes <30 seconds. Stop shit posting for your campaign.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Hydrogen on April 27, 2017, 11:05:55 PM

Quote from: Lauda on April 27, 2017, 11:02:32 PM

It's very easy to see what's true. It takes <30 seconds. Stop shit posting for your campaign.

lol if you know the answer, tell me.

I know there's a backdoor. Is it an old backdoor? Is it relevent? There are standard backdoors in everything from hardware routers to iphones(I'm not certain many posting in this thread know that).

Not everyone has time to look at the specifics of the exploit & figure out whether it can be used to gain root access in a way that would allow someone to steal crypto or do some other nefarious deeds.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Lauda on April 27, 2017, 11:08:41 PM

Quote from: Hydrogen on April 27, 2017, 11:05:55 PM

lol if you know the answer, tell me.

How about you actually do some reading and then research before making useless posts? That's what you should be doing.

Quote from: Hydrogen on April 27, 2017, 11:05:55 PM

I know there's a backdoor. Is it an old backdoor?

It has been in existence for at least half a year (most likely longer).

Quote from: Hydrogen on April 27, 2017, 11:05:55 PM

Is it relevent?

Yes.

Quote from: Hydrogen on April 27, 2017, 11:05:55 PM

There are standard backdoors in everything from hardware routers to iphones(I'm not certain many posting in this thread know that).

False comparison fallacy. That's really not relevant.

Quote from: Hydrogen on April 27, 2017, 11:05:55 PM

Not everyone has time to look at the specifics of the exploit & figure out whether it can be used to gain root access in a way that would allow someone to steal crypto or do some other nefarious deeds.

It can only shut down 70% of the network. Nothing really nefarious. ::)

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Hydrogen on April 27, 2017, 11:18:19 PM

Quote from: Lauda on April 27, 2017, 11:08:41 PM

Quote from: Hydrogen on April 27, 2017, 11:05:55 PM

lol if you know the answer, tell me.

How about you actually do some reading and then research before making useless posts? That's what you should be doing.

Quote from: Hydrogen on April 27, 2017, 11:05:55 PM

I know there's a backdoor. Is it an old backdoor?

It has been in existence for at least half a year (most likely longer).

Quote from: Hydrogen on April 27, 2017, 11:05:55 PM

Is it relevent?

Yes.

Quote from: Hydrogen on April 27, 2017, 11:05:55 PM

There are standard backdoors in everything from hardware routers to iphones(I'm not certain many posting in this thread know that).

False comparison fallacy. That's really not relevant.

Quote from: Hydrogen on April 27, 2017, 11:05:55 PM

It can only shut down 70% of the network. Nothing really nefarious. ::)

Its hard to know who to believe with politics being involved & people saying things that are untrue to push their own self interest agendas.

Much thanks for the response btw!

I wonder if this was deliberately introduced as a way to shutdown bitcoin core miners to make it seem as if bitcoin core developers introduced bugs into their software, like the one which allows BU nodes to be shut down remotely.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: hardtime on April 28, 2017, 12:25:49 AM

Quote from: gentlemand on April 26, 2017, 09:28:56 PM

What's more interesting is that anyone can brick them according to this -

https://www.reddit.com/r/Bitcoin/comments/67qwqv/antbleed_exposing_the_malicious_backdoor_on/dgsk6cf/

This itself is horrid, if the company in which you put trust into to make ASIC miners and you wouldn't even think they'd do something like this ends up doing this would make me want them to go under right then and there. It's nice to now see that Jihan (Hate him, but +respect for this) coming out and confirming that the backdoor is there and such.

I would hope they come through to remove this but it would be nice to see this as the end of Jihan as people are going to be losing all of the respect that they had for him, not like I thought there was much left anyway. If he and his company does go down because of this it could be the end of BTU and the rise of Segwit as a whole as Wu was the biggest componenet against Segwit.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: franky1 on April 28, 2017, 12:26:02 AM

Quote from: kingcolex on April 27, 2017, 11:59:00 PM

Looks like your shouting racism to avoid discussion, if you think the fact that Bitmain is Chinese isn't relevant you're crazy.

what if i told you most of the hardware was in places like mongolia..
thats like saying something canadian is american...'cos its north america'

what if i told you mining hardware is also in other places like georgia iceland etc
what if i told you jihan is just one person that cannot be at multiple farms at once.
what if i told you that jihan doesnt control 70% of hardware.

i shouted the racism card once.. yet everyone else shouted shill or insult in many post..
but i can yawn off all the people that can only reply "wrong coz ur a shill" without actually addressing the context with anything meaningful

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: chek2fire on April 28, 2017, 01:09:58 AM

Jihan Wu is the final boss to open the gate to the moon guys

https://pbs.twimg.com/media/C-dgeq3W0AEcxaI.jpg

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: leopard2 on April 28, 2017, 01:27:25 AM

Only someone with a paid agenda or a recent brainosuction would ignore these simple facts:

1. BU miners have already threatened to attack and destroy the non-BU chain after a split, this is documented
2. BU miners under Bitmain lead, have ASICBOOST, so they can invoke a 30% gain at any given time, on their own miners
3. Now Antbleed has been revealed; a method that, until 48 hours ago, could have been used to destroy everyone elses Antminer on the planet at their discretion

There is no certainty, but there is certainly a possibility, to combine 2+3, to achieve 1, which would be the destruction of the alternative chain, at least a temporary disruption, that could be the edge required to turn their BU chain into the winner.

Am I paranoid again? ???

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: OneUnderBridge on April 28, 2017, 01:58:03 AM

Quote from: leopard2 on April 28, 2017, 01:27:25 AM

I'm not an expert like franky1 or Lauda, but it certainly sounds serious to me. It sounds like a "doom switch" for sure. But, I think that its revelation will have foiled the plot if there was a plot at all. So, I think it's not so big of a deal now that it has been exposed. It sure is an intriguing situation though.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Searing on April 28, 2017, 02:06:37 AM

Quote from: leopard2 on April 28, 2017, 01:27:25 AM

Fact. They stalled shipping of L3+'s for a month plus due to 'firmware problem'. They really used them to mine themselves and stalled the units to paid customers to use them to stop seq witness till consensus. A nice payday. Run diff up by 33% to boot. The April 15th folk are getting units now with Jan dated firmware on them, so that surely was a lie now.

An added benifit is this patch will get rid of the nasty Jan date on the firmware to boot.

Bitmain. Evil pays. (tm bitmain)

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Paashaas on April 28, 2017, 02:29:52 AM

Quote from: leopard2 on April 28, 2017, 01:27:25 AM

Am I paranoid again? ???

No you're not paranoid, Jihan is.

https://i.imgur.com/LkWy04B.png

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: freedomno1 on April 28, 2017, 03:09:41 AM

Quote from: gentlemand on April 27, 2017, 12:19:56 PM

Reading the patch thread the remote kill is needed if someone confiscates the mining units or steals em.
Seems a bit overkill though but in the name of coin security someone would appreciate the feature and phone home does the job.

We will continue the development of this feature to provide a technical protection for mining rig owners to host their miners in remote locations. We will add a switch to this feature, and this switch will be closed by default.

As long as someone bothers to read the code the feature sounds decent enough sum up steal my miner I brick it lol, kind of sounds like a douche thing a reseller could do to someone depending on how it is used though.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: achow101 on April 28, 2017, 03:17:40 AM

Quote from: freedomno1 on April 28, 2017, 03:09:41 AM

The problem I have with this explanation is that the way the kill switch was implemented is way more complex and convoluted than it needs to be. It sounds like what they had done was fully implemented the feature but not the rest of the service they were going to provide, but they implemented this feature in such a weird way. The phone home code sets a global variable which is then read by another completely unrelated thread which sets another global variable which is what then actually does the mining shutdown part when the machine requests work. That is just way more complicated than it needs to be. The full feature could have just been implemented in the same function that they wrote for the phoning home, but instead it sets global variables used by other functions and threads.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Guy Corem on April 28, 2017, 03:43:55 AM

http://www.cbc.ca/beta/news/canada/newfoundland-labrador/great-north-data-bitmain-technologies-lawsuit-1.4084925

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Guy Corem on April 28, 2017, 03:45:03 AM

https://bitcointalk.org/index.php?topic=521520.msg18770091#msg18770091

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: freedomno1 on April 28, 2017, 04:04:56 AM

Quote from: achow101 on April 28, 2017, 03:17:40 AM

Quote from: freedomno1 on April 28, 2017, 03:09:41 AM

I tend to imagine a meme whenever someone codes a convoluted means to solving a puzzle. Of course this one was an incomplete version of it so maybe it was just global for testing and forgotten but as you pointed out there are better ways to get the cogs set up.

https://qph.ec.quoracdn.net/main-qimg-346aef273af21139ac0ac938662b2035-c

Then there is what they teach people in school
"Commenting is the "art" of describing what your program is going to do in "high level" English statements."
(With a slight snicker to anyone that can say that with a straight face to a room of coders)
http://www.cs.utah.edu/~germain/PPS/Topics/commenting.html

But usually code just follows the easiest route which is using global vars to test it out and in this case presumes the other person can just magically use interpretation to figure what it all does. Hence Open-Source code.

"The controversy around this code has brought our attention to improve the design in order to address vulnerabilities that were pointed out by the community recently."

All in all looks like a lesson in beta-testing has occurred another good day in Development land ^^.

Quote from: Spondoolies-Tech on April 28, 2017, 03:43:55 AM

http://www.cbc.ca/beta/news/canada/newfoundland-labrador/great-north-data-bitmain-technologies-lawsuit-1.4084925

I can see why they would be pissed with the Chinese group for running the miners and wanted to brick them all remotely. Now it all makes sense ^^. That kill-switch is a don't tread on me flag and nuclear revenge button all in one.

(Nice find its in Cbc Beta too)

___
"In 2017, Bitmain’s own miners were withheld and sold without its consent in Canada." (Bitmain mini-note)

(Neither Bitmain nor Great North Data is doing interviews, but their lawyers both issued statements.

Daniel Simmons, the lawyer representing Great North Data, noted in an email to CBC News that the company "continues to carry on business as usual without interruption at its facilities in Labrador."

Meanwhile, Megan Taylor, who represents Bitmain, says her client "has no direct knowledge of the current status of their equipment," and Great North is no longer hosting for Bitmain.)

--
As an aside I never put together the place the Vikings visited on Discover Canada ad's and the great powerful hashing of Bitcoin but that's not a bad way to boost the economy of the New Fy's besides offshore drilling, as long as you find the right partners the wheels will keep chugging on the Bitcoin economy.
http://www.cbc.ca/news/canada/newfoundland-labrador/data-storage-bitcoins-western-labrador-1.3694238

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: lurker10 on April 28, 2017, 06:35:18 AM

Quote from: Lauda on April 27, 2017, 09:39:00 PM

Quote from: lurker10 on April 27, 2017, 07:30:44 PM

Bitmain fucked up, with no malice as is revealed by the open nature of their code on github. Malware writers do not publish their code for the whole world to see.

I didn't say their behavior is benevolent. I said they fucked up, meaning it was stupid of them to leave this backdoor in there, although clearly their intent was not malicious. They admitted it was stupid of them and every BU supporter should acknowledge the same. This failure does not make Segwit better from the investing standpoint. Core supporters can spin this any way they like, but the fact is Segwit does not suddenly become our savior because one man on the competitor team screwed up.

From the investing standpoint BU, Segwit are too controversial changes to bring to a safe haven crypto. If Bitcoin is willing to lose its safe haven status, I am afraid it will become not relevant much sooner than if it kept the status quo.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Lauda on April 28, 2017, 07:44:46 AM

Quote from: franky1 on April 28, 2017, 12:26:02 AM

what if i told you most of the hardware was in places like mongolia..
thats like saying something canadian is american...'cos its north america'

What if I told you that you're a hypocrite? You don't have any source to back this up and I know it (yet you keep asking for sources).

Quote from: franky1 on April 28, 2017, 12:26:02 AM

what if i told you jihan is just one person that cannot be at multiple farms at once.

He can most certainly run several farms.

Quote from: franky1 on April 28, 2017, 12:26:02 AM

what if i told you that jihan doesnt control 70% of hardware.

He has produced 70% of the hardware.

Quote from: leopard2 on April 28, 2017, 01:27:25 AM

1. BU miners have already threatened to attack and destroy the non-BU chain after a split, this is documented

Correct.

Quote from: leopard2 on April 28, 2017, 01:27:25 AM

2. BU miners under Bitmain lead, have ASICBOOST, so they can invoke a 30% gain at any given time, on their own miners

This is partially correct. You're overestimating. ASICBOOST can save about ~20% in energy costs. However, at current profit margins of ~1% that translates to a ~2000% increase in profits.

Quote from: leopard2 on April 28, 2017, 01:27:25 AM

3. Now Antbleed has been revealed; a method that, until 48 hours ago, could have been used to destroy everyone elses Antminer on the planet at their discretion

Any Antminer that is not behind a 'disallow by default' firewall (which is very uncommon for home miners).

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: yayayo on April 28, 2017, 12:23:09 PM

Quote from: OneUnderBridge on April 28, 2017, 01:58:03 AM

I'm not an expert like franky1 or Lauda, but it certainly sounds serious to me. [...]

franky1 is not an expert. He is simply a paid shill. Now he is endorsing obvious fraud by Jihan Wu (Bitmain). So he seems to have criminal aspirations as well.

Quote from: lurker10 on April 28, 2017, 06:35:18 AM

I didn't say their behavior is benevolent. I said they fucked up, meaning it was stupid of them to leave this backdoor in there, although clearly their intent was not malicious. [...]

The probability that the Antminer backdoor was implemented without malicious intent is exactly ZERO.

ya.ya.yo!

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: yayayo on April 28, 2017, 12:48:54 PM

Quote from: kingcolex on April 28, 2017, 12:41:57 PM

You know I really think that people being shills is extremely blown out of proportion but when there is so much money being spent to prop up BU and how ridiculous these post are getting I'm starting to definitely believe shilling is happening.

It's not out of proportion. Roger Ver pays 30 (+X ?) people to spread his propaganda.

There are huge economic interests at stake for these people.

ya.ya.yo!

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: digaran on April 28, 2017, 12:49:40 PM

Could it be there out of the goodness of heart to give their cloud mining clients the possibilities such as checking the status of their rented miners remotely and knowing there is actually a miner working and giving them freedom over their rented miners? but then home miners are home miners not cloud mining contractors so why the hell did they also include the code on their sale which were shipping out?

But seriously these little fuckers are worse than c-i-a and nazis lol they have total control and centralization in their back pocket.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: franky1 on April 28, 2017, 01:05:27 PM

Quote from: kingcolex on April 28, 2017, 05:42:06 AM

I know my regions of China and I know exactly what Johan does it's obvious, he turns entire villages into employees and makes them dependent on him

lol now your exaggerating
it only needs maybe 5 people to run and maintain a mining farm. 2 during day 2 during night and a fifth person to cover any sickness or breaks. .. not "entire villages".

also i hav travelled to many countries and have seen how media try to make anything not western to seem like cave dwellers
EG photo's of africa of mud huts
EG photos of mongolia as temples and monks
EG photos of thailand as clear water oceans with funny shaped inhabitable land masses poking out the water.

yet the reality is different. mongolia for instance is very industrialised and has for the last few decades been developed very quickly, i hope you can see passed the idea of monasteries and monks and poor people in rice fields.
P.S i dont even donate to oxfam because i have seen how they waste funds and how the reality of africa works

Quote from: kingcolex on April 28, 2017, 05:42:06 AM

, China has 91 ethnic minorities and most of them are extremely poor, all he needs to do is find the villages that are close enough to cities and can either extended internet and build warehouses or bring them to cities.
This means he's going to stick to most northern China just due to climate but also due to the tier ranking cities there are a lot more tier 3 cities up north if I remember correctly. (Though I think it's Guiyang that is the poorest and that's down south) This means Jihan can get entire communities dependent on him for cheap,

the amount of internet traffic is very low for asic farms. infact the only data needed to be transmitted in is literally a couple hashes.. and a difficulty requirement. and then ~10 later a solved hash. everything else is just done locally. not over the internet
remember ASICS have no hard drives and dont need to see tx/block data. all they need is the hash. which can be handed to them remotely from stratums around the world. and then everything else is then local.

Quote from: kingcolex on April 28, 2017, 05:42:06 AM

It's not even comparable and silly to not be conserned, the only nations that could shift it would be more Asian countries like India but the temperature and converting their factories to more technology industry would cost more.

again you have not looked deep enough. iceland, north canada, georgia etc. oh and a couple other places in eastern europe/slavic regions

as for you and others screaming that im a shill or only defending X. is more narrow minded
i simply look at the big picture. and i am not pigeon holed into blindly supporting anyone.
i have no need to kiss anyone asses. in my eyes dvs are temporary. so no one should rely and depend on any particular dev. the sooner the software can support itself dynamically via user settings and then finding network consensus without dev spoon feeding. the better

one minute im being called things for supporting A, then B, then C , then D... much simpler explanation is that i simply dont support z

arguing endlessly
"this guy doesnt support Z and has been seen to not care about A means he is shil for A"
"this guy doesnt support Z and has been seen to not care about B means he is shil for B"
"this guy doesnt support Z and has been seen to not care about C means he is shil for C"
is silly. maybe because i see A, B, C as temporary drama which has been exaggerated by Z into trying to make A,B,C look bad just to pressure Z into being blindly followed. where by attacking A,B,C,D,E is simply doing the opposite of holding a
open diverse decentralised peer network.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: freebutcaged on April 28, 2017, 03:11:53 PM

Just block the function by the method which OP provided and end of story, I wonder if someone could actually opens a backdoor in their backdoor and shuts down their miners?
It's just like microsoft, they have backdoors in their software, firmware in windows 10 which runs in the back ground and bypasses the user's settings.
How? while you are on metered connection it disconnects your wifi and doesn't allow you to connect until you plug the cable and then it starts to auto update and automatically removes the metered connection ticker no matter what you do it will update the windows.
But shutting down remotely? that's too much extreme.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: BillyBobZorton on April 28, 2017, 03:18:32 PM

Quote from: freebutcaged on April 28, 2017, 03:11:53 PM

This is bitcoin, supposed to be the pinnacle of open source development, anything that resembles windows is a disaster. Collecting data, remotely shutting down mining machines and so on, shouldn't be tolerated, it shouldn't even be an option. Everyone in mining should be boycotting bitmain. If I had the money I would start a mining business that guarantees those things will never be possible because it will be hardcoded to never collect data and never take any remote orders finding a way to isolate all the stuff that doesn't need to be shared over the internet.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: The One on April 28, 2017, 06:47:08 PM

Quote from: franky1 on April 27, 2017, 10:35:31 PM

Quote from: Decoded on April 27, 2017, 10:29:49 PM

Looked.

Now what the purpose of the above?

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: anonymoustroll420 on April 28, 2017, 06:52:43 PM

Quote from: The One on April 28, 2017, 06:47:08 PM

Quote from: franky1 on April 27, 2017, 10:35:31 PM

Quote from: Decoded on April 27, 2017, 10:29:49 PM

Looked.

Now what the purpose of the above?

It's one method used by Bitcoin to find out the IP of other nodes. There is a risk that the DNS seeds could co-operate together and attempt sybil you off the network by only giving you IP's controlled by them, but it is only one method used and it's only used during the initial set up of a node. The IP's are also sent over DNS, which gets cached by various DNS servers, making it nearly impossible to do that. After your node gets an initial list of node IPs your node keeps a DB of IP's and nodes share IP's between each other. The risk of an attack this way is absolutely tiny that its not even worth mentioning. As long as your node discovers the IP of one honest node, you are safe.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Quantus on April 28, 2017, 07:09:02 PM

Quote from: franky1 on April 27, 2017, 10:35:31 PM

Quote from: Decoded on April 27, 2017, 10:29:49 PM

wow just wow, you just went full retard franky1.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: franky1 on April 28, 2017, 07:12:15 PM

Quote from: anonymoustroll420 on April 28, 2017, 06:52:43 PM

look at what vrsions 0.13+ are doing when "first set up"
hint gmaxwells buzzword: upstream tier
hint luke Jrs buzzword: bridge node

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: The One on April 28, 2017, 07:29:46 PM

Quote from: anonymoustroll420 on April 28, 2017, 06:52:43 PM

Quote from: The One on April 28, 2017, 06:47:08 PM

Quote from: franky1 on April 27, 2017, 10:35:31 PM

Quote from: Decoded on April 27, 2017, 10:29:49 PM

Looked.

Now what the purpose of the above?

So is the vSeeds above necessary? What is x1, x5,x9 and xd anyway?

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: anonymoustroll420 on April 28, 2017, 07:41:59 PM

Quote from: The One on April 28, 2017, 07:29:46 PM

So is the vSeeds above necessary? What is x1, x5,x9 and xd anyway?

It helps prevent against partitioning. The IP's given out by the DNS seeds are entirely random, while the IP's discovered by other methods are not so random.

Prior to the DNS seeds existing, Bitcoin used to join an IRC server and get other node IP's from that. Satoshi seemingly stole this code from gnutella, a filesharing protocol. The IRC server admin thought Bitcoin was a filesharing program or a botnet, and banned it from the server. Bitcoin used another IRC server for a while, until DNS seeds were implemented. Clearly the DNS seeds are a much better way than using a centralized chat server. Because it uses DNS, even if the seeds go offline, most nodes can still bootstrap for a period of time until DNS servers clear their caches.

I'm not sure what x1, x5,x9 and xd is.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: jbreher on April 28, 2017, 10:16:16 PM

Quote from: kingcolex on April 28, 2017, 12:41:57 PM

500k a month to keep BU propped up,

You seem to be making a claim that some party is expending "500k a month to keep BU propped up". Care to substantiate this? Is this 500K USDollars? Who is the party making this expenditure? In what way is this expenditure 'keeping BU propped up'? How do you know this to be the case?

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: anonymoustroll420 on April 28, 2017, 10:21:07 PM

Quote from: jbreher on April 28, 2017, 10:16:16 PM

Quote from: kingcolex on April 28, 2017, 12:41:57 PM

500k a month to keep BU propped up,

You seem to be making a claim that some party is expending "500k a month to keep BU propped up". Care to substantiate this? Who is the party making this expenditure? In what way is this expenditure 'keeping BU propped up'? How do you know this to be the case?

In an interview, Charlie Shrem made the claim that Roger Ver is spending $500,000/mo to "keep BU propped up". No more details than that were given. Charlie Shrem was the owner of BitInstant, which Roger Ver was a large investor of. Roger Ver denies the claim.

However it is known that Roger Ver is funding >90% of BU development. It's likely he also has other expenses too. How much all these expenses total up to is difficult to figure out.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: jbreher on April 28, 2017, 10:23:08 PM

Quote from: anonymoustroll420 on April 28, 2017, 10:21:07 PM

Quote from: jbreher on April 28, 2017, 10:16:16 PM

Quote from: kingcolex on April 28, 2017, 12:41:57 PM

500k a month to keep BU propped up,

So an unsubstantiated rumor. Got it.

Now that Bitcoin Jesus has been recast as Bitcoin Judas, with a huge contingent prepared to cast him through the gates of hell, should we not be suspicious of unsubstantiated rumors?

I see you've edited, so I shall also:

Quote from: anonymoustroll420 on April 28, 2017, 10:21:07 PM

However it is known that Roger Ver is funding >90% of BU development.

No. The vast majority of BU development is pro bono. Roger made a significant donation to the BU Foundation, but most of that cash is sitting dormant.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: anonymoustroll420 on April 28, 2017, 10:24:57 PM

Quote from: jbreher on April 28, 2017, 10:23:08 PM

Well, the claim is being made by someone who was very close to Roger Ver, not some anonymous troll, so there could be some truth to it. Certainly Roger Ver is spending a lot of money on BU, how much is not known.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: achow101 on April 28, 2017, 11:15:49 PM

Quote from: anonymoustroll420 on April 28, 2017, 07:41:59 PM

I'm not sure what x1, x5,x9 and xd is.

Those refer to the services that a node supports.

x1 is NODE_NETWORK, i.e. a full node
x5 is NODE_NETWORK and NODE_BLOOM
x9 is NODE_NETWORK and NODE_WITNESS
xd (aka x13) is NODE_NETWORK, NODE_BLOOM, and NODE_WITNESS

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: digaran on April 28, 2017, 11:16:44 PM

Pointing fingers, blaming blockstreamers for implementing backdoor trojan horse segwit, it was all the real distraction from all the real fucked up things happening right under our noses and guess who managed to constantly divert the attentions away from the real menace?
I'm really disappointed in you franky1 I thought you were different but now I see that you were the one distracting everyone with your finger pointing blaming gmaxwell and showing colorful graphs and charts.
I mean this is just too obvious and I'm the idiot to actually counting on your words for a while but now even me with a pea sized brain can see what is going on.

We should strip you naked and shame you all the way to the court, at least share some of that fat bonus for posting and be an absolute enemy of Core with us I could easily be very convincing with only $5 bucks per effective post :) :).

Now I don't know who can I trust anymore, people literally caught them bitmainers while raping the community and yet you come here and say no it wasn't them.
By my calculations I have an estimation that antpool alone is earning averagely $450K upto $600K every 24 hours of every 7 days of every week.
Now take the average of $500K daily * 30 of one month = $15,000,000 dollars and 20% of $15M is = $3,000,000 dollars and according to you the ROI for the manufacturers is instant or one month, so they even ROIed 3 times over already before releasing the S9s to the public.

And now people should know that they have made at least $20M in last 6 months out of the thin air which was coming from within another thin air mining and again mining with asicboost double thin airs.

Now I understand where the funds for spam transactions/ forum dos attacks come from, no people unrelated to crypto specifically bitcoin aren't crazy to dos the forum or spam attack the network and waste their hard earned money.

Who could've thought about all of this right?

I didn't even count the double earnings of selling miners to the public and didn't account for other pools owned by antpool and other coins, hell I'm now certain that they have earned double the amount on LTC mining :D :D :D.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: The One on April 28, 2017, 11:46:26 PM

Quote from: anonymoustroll420 on April 28, 2017, 10:21:07 PM

Quote from: jbreher on April 28, 2017, 10:16:16 PM

Quote from: kingcolex on April 28, 2017, 12:41:57 PM

500k a month to keep BU propped up,

Is this the same C Shrem that was find guilty and went to prison?

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: The One on April 28, 2017, 11:49:33 PM

Quote from: achow101 on April 28, 2017, 11:15:49 PM

Quote from: anonymoustroll420 on April 28, 2017, 07:41:59 PM

I'm not sure what x1, x5,x9 and xd is.

Thanks, so how does all this work?

I can see the xd detail looking at the wallet peers. Does it need to be activated or is it automatic?

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: The One on April 28, 2017, 11:55:41 PM

Quote from: digaran on April 28, 2017, 11:16:44 PM

Pointing fingers, blaming blockstreamers for implementing backdoor trojan horse segwit, it was all the real distraction from all the real fucked up things happening right under our noses and guess who managed to constantly divert the attentions away from the real menace?
I'm really disappointed in you franky1 I thought you were different but now I see that you were the one distracting everyone with your finger pointing blaming gmaxwell and showing colorful graphs and charts.
I mean this is just too obvious and I'm the idiot to actually counting on your words for a while but now even me with a pea sized brain can see what is going on.

We should strip you naked and shame you all the way to the court, at least share some of that fat bonus for posting and be an absolute enemy of Core with us I could easily be very convincing with only $5 bucks per effective post :) :).

Now I don't know who can I trust anymore, people literally caught them bitmainers while raping the community and yet you come here and say no it wasn't them.
By my calculations I have an estimation that antpool alone is earning averagely $450K upto $600K every 24 hours of every 7 days of every week.
Now take the average of $500K daily * 30 of one month = $15,000,000 dollars and 20% of $15M is = $3,000,000 dollars and according to you the ROI for the manufacturers is instant or one month, so they even ROIed 3 times over already before releasing the S9s to the public.

And now people should know that they have made at least $20M in last 6 months out of the thin air which was coming from within another thin air mining and again mining with asicboost double thin airs.

Now I understand where the funds for spam transactions/ forum dos attacks come from, no people unrelated to crypto specifically bitcoin aren't crazy to dos the forum or spam attack the network and waste their hard earned money.

Who could've thought about all of this right?

I didn't even count the double earnings of selling miners to the public and didn't account for other pools owned by antpool and other coins, hell I'm now certain that they have earned double the amount on LTC mining :D :D :D.

Trust no one, but yourself.

Do your own research and read the technical whitepapers.

Ask yourself what is Bitcoin suppose to be. Payment service or gold 2.0?

Look at the fees and ask yourself why it is so high.

Understand basic economics, supply and demand; scarcity would do for now.

Ask yourself what agenda does the developers/miners have.

The truth will come to you.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: achow101 on April 29, 2017, 12:06:10 AM

Quote from: The One on April 28, 2017, 11:46:26 PM

Is this the same C Shrem that was find guilty and went to prison?

Yes. IIRC he was released a few months ago.

Quote from: The One on April 28, 2017, 11:49:33 PM

Thanks, so how does all this work?

I can see the xd detail looking at the wallet peers. Does it need to be activated or is it automatic?

It depends on the software that you are running. Different software will support different services. Additionally if you have pruning enabled you will be disabling NODE_NETWORK for your node. If you run Bitcoin Core 0.13.1+, your node will be xd. Earlier versions should be x5 and even older ones will be x1.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: The One on April 29, 2017, 12:32:59 AM

Quote from: achow101 on April 29, 2017, 12:06:10 AM

Quote from: The One on April 28, 2017, 11:46:26 PM

Is this the same C Shrem that was find guilty and went to prison?

Yes. IIRC he was released a few months ago.

Quote from: The One on April 28, 2017, 11:49:33 PM

Thanks, so how does all this work?

I can see the xd detail looking at the wallet peers. Does it need to be activated or is it automatic?

Just worked that out a minute ago lol thanks.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: arklan on April 29, 2017, 04:41:05 PM

Quote from: achow101 on April 29, 2017, 12:06:10 AM

Quote from: The One on April 28, 2017, 11:46:26 PM

Is this the same C Shrem that was find guilty and went to prison?

Yes. IIRC he was released a few months ago.

well, that's good to hear. if i recall the charges were really really crappy.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: Vorth on April 29, 2017, 06:32:49 PM

I'm reading that they could also do a remote reflash of the firmware and potentially brick the hardware.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: franky1 on April 29, 2017, 07:31:21 PM

Quote from: Quantus on April 28, 2017, 07:09:02 PM

wow just wow, you just went full retard franky1.

1. DNS seeds can RPC call the nodes EG trigger some buggy code in implementations - we all know thats possible

2. i wanted to see how many people would reply to protect the blockstreamers access to all nodes, and see if them same people are the same people screaming blue murder about anything not core having similar access to things that are not core. such as asics or other implementations. as an experiment on who factually knows whats possible and who is speculating about worse case scenarios.

i find it funny when people create drama about one thing, but are not equally as critical about the other

ever ask yourself why there are no 0.8 or below nodes on the network
and how easy it could be to start making other implementations not have access.
EG anything below 0.13.1 (70014) can find themselves 'lost'

#define REQUIRE_VERSION 70001
if (clientVersion && clientVersion < REQUIRE_VERSION) return false;

simply change to

#define REQUIRE_VERSION 70014
if (clientVersion && clientVersion < REQUIRE_VERSION) return false;

and anything not segwit just wouldnt get a list of nodes from a DNS

and most of the segwit users wont want to manually white list old nodes to offer up a nodes list the other way.
hence why even the segwit documentations says

https://bitcoincore.org/en/2016/10/27/segwit-upgrade-guide/#not-upgrading-1

Quote

The easiest way to prevent this problem is to upgrade to Bitcoin Core 0.13.1 or another full node release that is compatible with the segwit soft fork. If you still don’t wish to upgrade, it is possible to use a newer Bitcoin Core release as a filter for older Bitcoin Core releases.

Filtering by an upgraded node

In this configuration, you set your current Bitcoin Core node (which we’ll call the “older node”) to connect exclusively to a node running Bitcoin Core 0.13.1 or later (which we’ll call the “newer node”). The newer node is connected to the Bitcoin P2P network as usual.
For the older node, first wait for the newer node to finish syncing the blockchain and then restart the older node with the following command line parameter (this may also be placed in the Bitcoin Core configuration file):

yep if you dont want to upgrade. you have to still download a segwit node just to whitelist yourself.

which makes me laugh about the whole "everything is fine segwit is backward compatible and no need to upgrade" promises of segwit going soft

i hope this wakes you up to the TIER network of gmaxwells (upstream filter) and (luke JRs bridge node) word twisting of said tier network of control
where blockstream becomes top of the foodchain..

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: arklan on April 29, 2017, 07:54:55 PM

Quote from: Vorth on April 29, 2017, 06:32:49 PM

I'm reading that they could also do a remote reflash of the firmware and potentially brick the hardware.

that was correct in theory, but they've now patched the firmware, so it's a non-issue.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: -ck on April 29, 2017, 09:52:21 PM

Quote from: arklan on April 29, 2017, 07:54:55 PM

Quote from: Vorth on April 29, 2017, 06:32:49 PM

I'm reading that they could also do a remote reflash of the firmware and potentially brick the hardware.

that was correct in theory, but they've now patched the firmware, so it's a non-issue.

...for those who have updated their firmware.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: anonymoustroll420 on April 30, 2017, 12:48:47 PM

Quote from: franky1 on April 29, 2017, 07:31:21 PM

1. DNS seeds can RPC call the nodes EG trigger some buggy code in implementations - we all know thats possible

No? Open a terminal and type "host dnsseed.bitcoin.dashjr.org"

you get an output like this:

Code:

dnsseed.bitcoin.dashjr.org has address 200.8.154.156
dnsseed.bitcoin.dashjr.org has address 124.170.80.250
dnsseed.bitcoin.dashjr.org has address 66.187.187.94
dnsseed.bitcoin.dashjr.org has address 188.81.38.4
dnsseed.bitcoin.dashjr.org has address 18.85.35.180
dnsseed.bitcoin.dashjr.org has address 192.241.135.239
dnsseed.bitcoin.dashjr.org has address 92.232.205.21
dnsseed.bitcoin.dashjr.org has address 202.7.239.164
dnsseed.bitcoin.dashjr.org has address 101.167.34.215
dnsseed.bitcoin.dashjr.org has address 97.92.247.128
dnsseed.bitcoin.dashjr.org has address 68.6.231.19
dnsseed.bitcoin.dashjr.org has address 54.94.207.125
dnsseed.bitcoin.dashjr.org has address 23.243.158.222
dnsseed.bitcoin.dashjr.org has address 62.76.26.214
dnsseed.bitcoin.dashjr.org has address 189.34.57.96
dnsseed.bitcoin.dashjr.org has address 111.164.172.20
dnsseed.bitcoin.dashjr.org has address 71.81.75.127
dnsseed.bitcoin.dashjr.org has address 178.113.182.244
dnsseed.bitcoin.dashjr.org has address 85.74.245.220
dnsseed.bitcoin.dashjr.org has address 79.148.67.94
dnsseed.bitcoin.dashjr.org has address 67.207.80.65
dnsseed.bitcoin.dashjr.org has address 96.23.239.29
dnsseed.bitcoin.dashjr.org has address 90.3.155.239
dnsseed.bitcoin.dashjr.org has address 85.228.58.134
dnsseed.bitcoin.dashjr.org has address 46.4.75.10
dnsseed.bitcoin.dashjr.org has address 185.104.11.148
dnsseed.bitcoin.dashjr.org has address 80.114.11.217
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:4137:9e76:34:211e:fde7:79d8
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:5ef5:79fd:30a9:f23:416e:e935
dnsseed.bitcoin.dashjr.org has IPv6 address 2a01:e35:2e54:52c0:5859:d7cb:5cae:2ad5
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:4137:9e76:10eb:3b18:b61e:38bd
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:4137:9e76:3e:18f5:b5ad:115d
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:9d38:953c:20bf:28b2:afe7:8a94
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:9d38:6ab8:1460:2878:ae4e:5e7
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:9d38:953c:10b3:3382:4fa9:4aaa
dnsseed.bitcoin.dashjr.org has IPv6 address 2a02:2c8:1:253:4d1:229d:b4c0:b4a5
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:4137:9e76:65:2785:bc48:6331
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:4137:9e76:407:361a:ae98:1c3b
dnsseed.bitcoin.dashjr.org has IPv6 address 2600:6c55:7200:14b:cf4:811c:7cb3:f7a7
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:4137:9e76:c03:13fa:a971:d5e4
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:5ef5:79fb:206f:2bed:bb3c:20a5
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:5ef5:79fb:3822:1edd:a80b:bc9f
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:9d38:6abd:3438:37c:4dfd:7d4

Those are node IP's. Thats how DNS seeding works, it simply does a DNS lookup. There is no attack surface here.

Quote from: franky1 on April 29, 2017, 07:31:21 PM

and how easy it could be to start making other implementations not have access.
EG anything below 0.13.1 (70014) can find themselves 'lost'

That code you provided deals with adding new nodes to the DNS seed. Old and broken nodes are not added to the DNS seed, but old nodes can of course still query the DNS seed for IP's and connect. Even if they couldn't, you could simply run "host dnsseed.bitcoin.dashjr.org" and add the IP's yourself.

By the way, you're full of shit when you say there are only 3 DNS seeds:

Code:

        vSeeds.push_back(CDNSSeedData("bitcoin.sipa.be", "seed.bitcoin.sipa.be", true)); // Pieter Wuille, only supports x1, x5, x9, and xd
        vSeeds.push_back(CDNSSeedData("bluematt.me", "dnsseed.bluematt.me", true)); // Matt Corallo, only supports x9
        vSeeds.push_back(CDNSSeedData("dashjr.org", "dnsseed.bitcoin.dashjr.org")); // Luke Dashjr
        vSeeds.push_back(CDNSSeedData("bitcoinstats.com", "seed.bitcoinstats.com", true)); // Christian Decker, supports x1 - xf
        vSeeds.push_back(CDNSSeedData("bitcoin.jonasschnelli.ch", "seed.bitcoin.jonasschnelli.ch", true)); // Jonas Schnelli, only supports x1, x5, x9, and xd
        vSeeds.push_back(CDNSSeedData("petertodd.org", "seed.btc.petertodd.org", true)); // Peter Todd, only supports x1, x5, x9, and xd

By the way, I find it hilarious that the only BU-only DNS seed seed.btcc.com is broken right now, much like everything BU related.

Quote from: franky1 on April 29, 2017, 07:31:21 PM

yep if you dont want to upgrade. you have to still download a segwit node just to whitelist yourself.

No you just need to use one as a bridge, can be any node, use mine if you like ;)

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: -ck on April 30, 2017, 01:15:46 PM

Quote from: kingcolex on April 30, 2017, 11:49:21 AM

Quote from: -ck on April 29, 2017, 09:52:21 PM

Quote from: arklan on April 29, 2017, 07:54:55 PM

Quote from: Vorth on April 29, 2017, 06:32:49 PM

I'm reading that they could also do a remote reflash of the firmware and potentially brick the hardware.

that was correct in theory, but they've now patched the firmware, so it's a non-issue.

...for those who have updated their firmware.

Which we all know doesn't happen often, most users set it and forget it.

Which was the point of my post... likely the bulk of them out there are still vulnerable.

Additionally I happen to know that certain functionality only existed on the first S9 firmware and many users are reluctant to change from it.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: leopard2 on April 30, 2017, 06:33:09 PM

Quote from: -ck on April 29, 2017, 09:52:21 PM

Quote from: arklan on April 29, 2017, 07:54:55 PM

Quote from: Vorth on April 29, 2017, 06:32:49 PM

I'm reading that they could also do a remote reflash of the firmware and potentially brick the hardware.

that was correct in theory, but they've now patched the firmware, so it's a non-issue.

...for those who have updated their firmware.

Their evil plan is now spoiled but they had an evil plan, that's what counts.

If someone fires a gun at me and misses, would I listen to a shill who says "Why you worried? Nothing happened." :D

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: homeidea11111 on May 28, 2018, 11:27:36 PM

Quote from: BillyBobZorton on April 26, 2017, 10:39:15 PM

That is really worrying. I guess people should now consider this on top of the standard 51% attack possibility

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: WinMar on May 30, 2018, 01:03:46 PM

The evil plan seems to be thwarted for now as the website that the miners are supposed to connect to seems to be offline.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: RochaMckay on June 05, 2018, 07:27:41 AM

Core Devs should be having a meeting with non-Bitmain miners right now proposing a roadmap to change the algo and leave Bitmain isolated

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: WinMar on June 05, 2018, 12:48:14 PM

@ RochaMckay

Its too late to do that now. If you change the mining algorithm now everyone gets screwed. The time to have done it should have been just when they started selling the L3 antminers. Now millions of dollars have been spent by miners and changing it now would be like chopping off your nose to spite your face.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: jbreher on June 05, 2018, 11:37:28 PM

Quote from: RochaMckay on June 05, 2018, 07:27:41 AM

Core Devs should be having a meeting with non-Bitmain miners right now proposing a roadmap to change the algo and leave Bitmain isolated

Refer to what recently happened to Bitcoin Gold as evidence of the stupidity of throwing aside billions of $USD of dedicated security appliances.

But by all means, go for it. Knock yourselves out. Uncover yet another way to learn how worthless NotBitcoin is.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: jacksadown0920 on June 15, 2018, 10:14:20 AM

What are we supposed to do now, other than change the PoW algo immediately? Core Devs should be having a meeting with non-Bitmain miners right now proposing a roadmap to change the algo and leave Bitmain isolated

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: WinMar on June 15, 2018, 12:14:31 PM

Unfortunately Bitmain would just make new miners to match the new algo and we the people would be lining up to by them. The key to bitmain's success is their pool people must not mine there as this gives them control of the block chain. Then they can do some really nasty thing.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: jbreher on June 15, 2018, 03:31:46 PM

Quote from: jacksadown0920 on June 15, 2018, 10:14:20 AM

Why? Other than provide more Bitcoin dedicated security equipment than any other party, what have they done that is so heinous?

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: WinMar on June 16, 2018, 01:43:19 AM

Bitcoin Gold 51% attack, there are many people who say Bitmain was behind that attack.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: jbreher on June 17, 2018, 02:31:41 AM

Quote from: WinMar on June 16, 2018, 01:43:19 AM

Bitcoin Gold 51% attack, there are many people who say Bitmain was behind that attack.

Hmm. So... jump to hasty conclusions, accept hearsay is if it were proof, and berate the merely suspected. Got it.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: CurtisEvans on June 17, 2018, 03:20:10 AM

Bitmain fucked up, with no malice as is revealed by the open nature of their code on github. Malware writers do not publish their code for the whole world to see.Great to see there are people looking out for these exploits, but I think bitmain really screwed up here.

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: coinbeamer on August 12, 2018, 11:01:16 AM

All my antminers we're Stolen about 2 Werks ago.
Ist there a way To get the thieves IP Using this antbleed stuff?

Title: Re: Antbleed: A remote shutdown backdoor in antminers
Post by: NGOCDIEP on September 07, 2018, 05:19:58 PM

And antbleed.com needs to modify their statements about what miners have it. I will verify tomorrow but am POSITIVE my few remaining batch-1, 3, and 5 s7's have the MinerLink option in the GUI.