January 22, 2019, 01:28:10 AM
Folk,
Bitmain has decided to "fight back" against third party firmware on their units. Their most recent units are shipping with firmware that has ssh disabled and some firmware integrity checks in place to prevent you from installing another firmware. As of this post, the change is not in all of their firmwares, but they are adding it as they update them as best I can tell.
The checks are simplistic in nature, but effective because ssh is disabled by default.
I know this is the case on the new S/T15 units and it is the case on the latest (November?) DR3 firmware.... Once you move to that firmware, you cannot go to another one.
While this can easily be circumvented with physical access to a miner, it isn't something that is (as of yet) easily solvable with a normal firmware upgrade.
Net-net, don't upgrade to their latest firmwares without a good reason to (they don't release release notes).
Their method is embedded in the firmware upgrade's "runme" script, as well as the "upgrade" CGI script. It's a set of checks that look for a file signature against the script and if it matches via an openssl return code, the upgrade continues. If it doesn't, the upgrade fails with an "invalid signature" message.
Without SSH and/or serial console access to the units, fixing this is non-trivial, but not impossible.
I know how to go about breaking this, but I don't have any of the miners that are implementing this at the moment. My analysis so far has been a static analysis on their firmware files themselves... and I think they've done a simple but effective job.
I'll update this thread if/when I come up with some alternative ideas.
Thank you,
Jason
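
The kind of check the post describes (a signature verified with openssl, with the upgrade gated on the return code) can be sketched as below. This is an added example, not code from the post or from Bitmain's firmware; the function names, file names, RSA key and SHA-256 digest are assumptions, and the key and payload are constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration. Function and file names are hypothetical, not Bitmain's.

# Build a constructed key pair, a stand-in "runme.sh" and its detached signature.
make_signed_sample() {
    dir=$1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/priv.pem" 2>/dev/null || return 1
    openssl pkey -in "$dir/priv.pem" -pubout -out "$dir/pub.pem" || return 1
    printf '#!/bin/sh\necho "constructed upgrade step"\n' > "$dir/runme.sh"
    openssl dgst -sha256 -sign "$dir/priv.pem" \
        -out "$dir/runme.sh.sig" "$dir/runme.sh"
}

# verify_update PUBKEY SIGNATURE PAYLOAD
# Prints a verdict; returns 0 only when openssl exits 0 for this payload.
verify_update() {
    pubkey=$1; sig=$2; payload=$3
    # A missing or empty input must fail closed, never skip the check.
    if [ ! -s "$pubkey" ] || [ ! -s "$sig" ] || [ ! -s "$payload" ]; then
        echo "invalid signature"
        return 1
    fi
    if openssl dgst -sha256 -verify "$pubkey" -signature "$sig" \
        "$payload" >/dev/null 2>&1; then
        echo "signature ok"
        return 0
    fi
    echo "invalid signature"
    return 1
}

# Verify the sample as signed, then again after a one-line change to the payload.
demo() {
    tmp=$(mktemp -d) || return 1
    make_signed_sample "$tmp" || { rm -rf "$tmp"; return 1; }
    set -- "$tmp/pub.pem" "$tmp/runme.sh.sig" "$tmp/runme.sh"
    printf 'as signed:    %s\n' "$(verify_update "$@" || true)"
    echo '# one appended line' >> "$tmp/runme.sh"
    printf 'after change: %s\n' "$(verify_update "$@" || true)"
    rm -rf "$tmp"
}

demo
```

Because the decision rests entirely on the openssl exit status, any change to the signed file, or a missing signature, ends in the same "invalid signature" result.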