Bitcoin Forum
Author Topic: Ebit e9 miner with 6.8Th/s from Ebang company a new rival for existing producers  (Read 80482 times)
73blazer (Member, Activity: 111, Merit: 17)
December 07, 2017, 09:04:50 AM  #421

When I turned on the packet monitor during dwang startup, I found they are reporting or trying to report something to:
get ipaddr : 114.215.172.52
officail name : e.g703.cn
their_ipaddr =114.215.172.52

that IP. It comes back to some Aliyun Computing Co., City: Hangzhou, Country: China.

It's live, you can ssh there.
I made a policy on my main router to send that address to oblivion.
smartass111 (Member, Activity: 113, Merit: 21)
December 07, 2017, 11:11:07 AM  #422


I created FW based on 6.0.20.40. You can download it here
https://www.dropbox.com/s/f05u5oantyk45ki/btc_upgrade_6.0.20.40_mod_root.tar.gz?dl=0
https://drive.google.com/file/d/1IxlJSVQ9RT4VQ7gMhDwIjdOo6MH-4p1Z/view?usp=sharing
Please double-check the sha1 hash after downloading:
b3a851093dc13eafe3e0f48bc0f2557c21ad2267  btc_upgrade_6.0.20.40_mod_root.tar.gz

I see unclaimed root password changes. Don't be shy, ask for them in PM or here (provide the MAC address and the time you rebooted your miner after flashing).
freegeek (Member, Activity: 68, Merit: 10)
December 07, 2017, 12:15:24 PM  #423

All, there is no need to pay someone for some fancy firmware: put your miners behind a stateful firewall like a Ubiquiti EdgeMAX ($70) and just block all inside-to-outside IP connections that have nothing to do with the pool you are using. Manage your miners via an encrypted VPN (Ubiquiti supports SSL and IPsec) and you are golden.

Actually, if you are running miners behind some NAT (in an internal network behind a router), you don't need to worry about a firewall, I think.

You may worry about the Chinese software itself (inbound connections that cgminer makes); for example, there are Chinese pools hardcoded for sure.

Just now, ssh is a very, very handy way to manage your miners remotely, and some insurance for cases when the WebUI goes down.
Maybe some more things and modifications will come in the future (like nxsub support or fan control).


Yes, you should. These things are shipped with a firmware that is basically a black box; it makes a connection from the inside to the outside. There is a very big misconception that NAT is a security feature.
smartass111 (Member, Activity: 113, Merit: 21)
December 07, 2017, 12:44:52 PM  #424

Yes, you should. These things are shipped with a firmware that is basically a black box; it makes a connection from the inside to the outside. There is a very big misconception that NAT is a security feature.

I meant that nobody can control your miner using web/ssh/snmp behind NAT.

Of course, software you have running inside the OS behind NAT can connect somewhere and after that receive commands.
73blazer (Member, Activity: 111, Merit: 17)
December 07, 2017, 05:22:44 PM  #425

127.0.0.1 it.



I made a rule on my firewall to deny packets from my miner group addresses out to any of these hardcoded BS sites. The nice thing about that is the firewall keeps track of how many times it was denied and you can see those stats.
So far, hm.baidu.com was hit only once; it doesn't seem to get called on every page load. The e.g703.cn (114.215.172.52) gets hit every time dwang starts; this one looks bad, it's definitely reporting some crap to this site.
Also hardcoded in dwang are several hidden pools; I denied all those too, based on FQDN.
stratum+tcp://stratum.f2pool.com:3333
stratum+tcp://stratum.haobtc.com:3333
stratum+tcp://vipebite.btcxo.com:3334
stratum+tcp://stratum.btcchina.com:3333

None of those have been hit though; I think they may only exist to auto-fill the details: when you go to the miner config webpage it has radio buttons for haobtc and btcchina (but not the other two???!?!?!?) ... but the rule to deny stays! We'll see if they get hit attempts over time.
73blazer (Member, Activity: 111, Merit: 17)
December 07, 2017, 10:18:01 PM (last edit: December 08, 2017, 01:49:30 AM by 73blazer)  #427

Actually, I just added a rule to allow to my pools and deny everything else.
The deny-everything-else rule has produced about 8 denials/hr/miner to various places, most of which you can ssh to and get a prompt. WTF ebang!?!?!?!?
73blazer (Member, Activity: 111, Merit: 17)
December 07, 2017, 11:09:58 PM  #428

Has anyone tried to just compile cgminer for ARM and see if it picks up the ASICs on that thing? Never looked into how the mining software actually works; not sure how they talk to the ASICs.
The dwang crap really needs to go, dirty dirty stuff.
73blazer (Member, Activity: 111, Merit: 17)
December 08, 2017, 03:52:34 AM (last edit: December 08, 2017, 04:13:28 AM by 73blazer)  #429

#!/bin/bash
echo "#################Create new auth.conf and snmpd.conf to secure your ebit miner ##########"
echo
echo -n "Enter Username: "
read user
# appweb's authpass writes a digest entry for realm example.com with the administrator role
./authpass --cipher md5 --file auth.conf example.com "$user" administrator

echo "New auth.conf created"
echo
cat auth.conf
echo
echo "##########################################################################################"
echo "Create snmp.conf ReadOnly/ReadWrite Password"
echo -n "Enter SNMP ReadOnly Community: "
read suser
echo

echo -n "Enter SNMP ReadWrite Community: "
read spass

# read-only community string first, then the read-write one
echo "rocommunity $suser" > snmpd.conf
echo "rwcommunity $spass" >> snmpd.conf

echo "New snmpd.conf created"
cat snmpd.conf
echo
echo "#If you would like to help free cgiminer and its api access from the evil ebit empire"
echo "#Please send donations too: 19ZMUgy5KGucLWiehQbo3rzwXWX3EPZpqT .005 btc or more please"


No need for authpass, it's just an md5 hash with no endline/newline char on it, in the form of
admin:example.com:yourpasswd
because they run appweb under the domain example.com; you can change that too in appweb.conf.
Don't use a colon in your password!!! Appweb idgits.

Code:
#!/bin/sh
echo
echo "Appweb auth.conf password generator"
echo
echo
# printf instead of echo "...\c": how echo treats \c differs between shells
printf 'Enter userid (no colons!): '
read nuser
printf 'Enter new Password (no colons!): '
read npass
echo "Generating appweb hash for user: $nuser password [$npass]....."
# MD5 of user:realm:password with no trailing newline; keep only the hex digest,
# since "openssl md5" prefixes its output with "(stdin)= "
hash=$(printf '%s' "${nuser}:example.com:${npass}" | openssl md5 | awk '{print $NF}')
echo =================
echo "Your new Hash is : $hash"
echo =================
echo
echo "Place this line in your auth.conf:"
echo =================
echo "User $nuser $hash administrator"
echo =================
echo
exit 0

I thought about ditching resolv.conf too, but that seems rather brute-force-ish. The rule on the firewall works great: allow out to your pools via FQDN so you don't need to manage the round-robin IPs the pools use, then deny all outbound from your miner group addresses.
#    From   To    Priority   Source           Destination   Service   Action   Users
36   LAN    WAN   1          EbitMiner40-50   MinerPools    Any       Allow    All
37   LAN    WAN   9          EbitMiner40-50   Any           Any       Deny     All
I have defined on my firewall/router the EbitMiner40-50 address object as a range of addresses that only the miners fall in, and the MinerPools address object as my pools by name; the router will keep track of the various IPs associated with those names.
I've had a running trace on 37 to show me exactly what's being blocked.
After dwang is going, nothing, but during dwang startup... watch out, it wants to connect to all kinds of internet IPs, as well as many 192.168 internal IPs they must be using in their development office.

I would HIGHLY recommend anyone with an Ebang miner create that rule-set on their firewall. It won't affect its operation, there's no hack or code required, and you don't need to touch your miners or break into them; just some rules to box in your miners so they can only talk to your pools, and it keeps your miner from reporting all kinds of stuff to various entities in China.
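The two-rule policy in the post above (allow the miner address range to the pool FQDNs, deny everything else from that range, and read the deny counters) can be modelled in a few lines of Python so the effect of each rule is easy to check before it goes on a router. This is an added example, not code from the thread or from any firewall vendor: the miner range 192.168.1.40-50, the pool hostnames under example-pool.test, the addresses they resolve to and the connection records are all constructed; the only address taken from the thread is 114.215.172.52.

```python
import ipaddress
from collections import Counter

# Constructed: the "EbitMiner40-50" address object as a contiguous range
MINER_FIRST = ipaddress.ip_address("192.168.1.40")
MINER_LAST = ipaddress.ip_address("192.168.1.50")

# Constructed: the "MinerPools" object as the router holds it after resolving
# each pool FQDN. Round-robin pools return several A records, so a hostname
# maps to a set of addresses that the router refreshes on its own.
POOL_RESOLUTION = {
    "stratum.example-pool.test": {"203.0.113.10", "203.0.113.11"},
    "backup.example-pool.test": {"203.0.113.20"},
}


def is_miner(src):
    """True if the source address falls inside the miner range."""
    ip = ipaddress.ip_address(src)
    return MINER_FIRST <= ip <= MINER_LAST


def pool_for(dst, resolution=POOL_RESOLUTION):
    """Return the pool FQDN a destination address currently belongs to, or None."""
    for fqdn, addrs in resolution.items():
        if dst in addrs:
            return fqdn
    return None


def decide(src, dst, resolution=POOL_RESOLUTION):
    """Rule 36 (priority 1) allows miner -> pool; rule 37 (priority 9) denies
    miner -> anything else. Hosts outside the range hit neither rule."""
    if not is_miner(src):
        return "not-covered"
    if pool_for(dst, resolution) is not None:
        return "allow"
    return "deny"


def tally_denials(log_lines, resolution=POOL_RESOLUTION):
    """Run connection records ('src dst dport') through the policy and count
    denied attempts per destination, the statistic the post reads off the
    rule-37 counters."""
    denied = Counter()
    for line in log_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, dport = line.split()
        if decide(src, dst, resolution) == "deny":
            denied[f"{dst}:{dport}"] += 1
    return denied


# Constructed sample: one miner's outbound attempts around dwang startup,
# including a 192.168.x.x address outside the local network.
SAMPLE_LOG = """
# src            dst              dport
192.168.1.42     203.0.113.10     3333
192.168.1.42     114.215.172.52   80
192.168.1.42     114.215.172.52   80
192.168.1.42     198.51.100.7     443
192.168.1.42     192.168.77.5     22
192.168.1.45     203.0.113.11     3333
192.168.1.9      198.51.100.7     443
"""

if __name__ == "__main__":
    for dst, n in tally_denials(SAMPLE_LOG.splitlines()).most_common():
        print(f"{n:3d} denied  {dst}")
```

The allow rule keys on the resolved pool set rather than a fixed address, which is what lets a router-side FQDN object survive pool IP rotation; the deny tally is what you would compare against the "8 denials/hr/miner" figure to spot a miner that starts talking to new places after a firmware change.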
freegeek (Member, Activity: 68, Merit: 10)
December 08, 2017, 05:03:45 AM  #430

So you're telling me that the client that you use to connect to it does not allow connections to the miners. The exploit is in the appweb code itself in the firmware.
You------------------------> Miner
You----Fetch Code-----> Miner.
It does not matter what the miners are behind, because the code is run from the connecting client and then executed on the miner.
It does not matter what the miners are behind or if you use a VPN to connect to them.
So, unless you invalidate all SSL certified servers, the code has already run. On every page, on every miner you have connected to.
Now is when you say, "Oh Shit".

And for those of us with S9's, yeah, here's the mea culpa from Bitmain about their backdoor.
https://enforum.bitmain.com/bbs/topics/4194


You got it, you are definitely not a complete idiot like smart-ass.

Smiley
Here, to remove the remote exploit of the Ebang miners, try running this batch file.
Your firewalls are useless against Ebang's remote exploit. Here is how to disable it on a per-machine basis.
Check every version of firmware with fgrep -r baidu . You will find it in all of them.
This is for both Windows and Windows 64-bit versions. Linux users, well, we already know.
When you can remotely change any JavaScript variable on a page via remote execution, it's a bad thing, mkay.

https://pastebin.com/raw/euPTXM1g

Update on the last bomb run on root: currently the mask of 0X00EE-0X00FF on the 16 range pinyin for the root password has begun.

Smartass1, don't bother, the code is in a batch file and may be too complex for you.
How to tell a smartass is a dumbass: simple, a dumbass can at least use cabextract to get one fucking file and follow directions.
Blob conversion of the S9's has begun, to be fully GPL compliant.
Don't bother donating to me, I'll collect the bounties Smiley

Quote from: the freegeek / smartass111 exchange in post #423 above


I'm a security network engineer; they can put whatever code in that they want. If I only allow connections from my miners to the public IP addresses I choose (pool of my choice), then these miners cannot phone home.
73blazer (Member, Activity: 111, Merit: 17)
December 08, 2017, 06:45:07 PM  #431

I am going to explain this one last time. This is the third and last time I will explain it. It's going to be long-winded and complex.

Let's say we burn out a miner remotely. Better, burn your house down in honor of the
Talking Heads' "Burning Down the House".
This miner will self-destruct in 10 seconds.


A. You connect to your miner Smiley

B. Appweb sends back the esp file with a little surprise before you finish clicking the submit button on login.

C. It's not the miners that are connecting out, it's the machine you're using a browser with.

Let's look a little closer.

fgrep -r baidu
Binary file cache/view_cbb7866fb91eccef78994dc93adea6fb.so matches
Binary file cache/view_fb23b72a36b7b4dbe70628d8cca96ed0.so matches
Binary file cache/view_c767ad3476fed9929b188b80cfbb45cb.so matches
Binary file cache/so.tar.gz matches
Binary file cache/view_035f15cc8bbe24799d3e54770f8d8295.so matches
Binary file cache/view_61b0e78a6f6e04dc3fe24ce0b7cf8e4f.so matches
Binary file cache/view_1e6f4c0c0a10cbe7cfc371f4f1d38e6c.so matches
Binary file cache/view_3a2b7a533e83e2d61b2cad29bb4b187e.so matches
Binary file cache/view_f77f36b0d78321b044f0e296a2c667a2.so matches
Binary file cache/view_afc502e1aa9bcff357e9eb694dabe642.so matches
Binary file cache/view_4d4d2036351546190541ac2a32bcc383.so matches
Binary file cache/view_53ea0d6735e4fb0329c094a648870277.so matches
Binary file cache/view_f6669d1b369196a904ea1967e72739a2.so matches
Binary file cache/view_b2068302aa7479365676d89b37de0a1e.so matches
Binary file cache/view_6f60de3de9ffb67d1f2e97f4b428386d.so matches
Binary file cache/view_04f9c7da622b21b96049f15706d92938.so matches

web/Ethernet/IPEthernetPort.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/Ethernet/IPEthernetPort_en.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/Cgminer/CgminerStatus.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/Cgminer/CgminerConfig_en.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/Cgminer/CgminerStatus_en.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/Cgminer/CgminerConfig.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/admininfo/getadmininfo.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/admininfo/getadmininfo_en.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/alarm/AlarmManagement.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/Status/SystemStatusRpm_en.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/Status/SystemStatusRpm.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/update/help.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/update/help_en.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/update/update_en.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/update/update.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));


Before the browser can render a page, it has to build the DOM tree by parsing the HTML markup. Whenever the parser encounters a script, it has to stop and execute it before it can continue parsing the HTML. If the script dynamically injects another script, the parser is forced to wait even longer for the resource to download, which can incur one or more network round trips and delay the time to first render of the page. Now, if you connect to the miner and are retrieving a JavaScript file from it, is it run on the miner? Noooooo.
It is run on the client, or the big box with a monitor that you connect to the miner with.

So thank you, Mr Security engineer. A fucking firewall in front of every miner will not catch it because:

A. It's SSL encrypted because it's sent from your client.
B. It uses the PC that you like to do whatever on to get the code.
C. Since it uses JavaScript, you can get/alter/inject or turn off your fans and start your house on fire. Smiley

Let's create a little sample exploit to, hmm, ahh, change your mining pool remotely. Then, hmm, set your ASICs on fire.
First, let's disable the submit button

// Disable submit_callback submit buttons redirect to the ajax code to rewrite the variables and submit to the appweb controller after login in
$form['submit'] = array(
);

We have not logged in yet Smiley

Now as you click any code, it can basically take any variable and change it like this.
Let's start with the meltdown

         Turn off all those pesky safety features, like turning your fans on low and disabling the auto shutdown
        
         $.post("/alarm/SetAlarmthreshold"

                        setValue("cgminertasknoanswer",data.feedback["cgminertasknoanswer"]);
                        setValue("tempalarmvalue",data.feedback["tempalarmvalue"]);
                        setValue("deviceclosetempvalue",data.feedback["deviceclosetempvalue"]);
                        setValue("devicesllowalarm",data.feedback["devicesllowalarm"]);

         Disable your fan,              
                        setValue("devicefan",data.feedback["devicefan"]);  //设备风扇
                        setValue("devicefan2",data.feedback["devicefan2"]);  

         Set your PLL to the MAX:
                       setValue("pllconfig",data.feedback["pllconfig"]);  

Now that your temp is disabled but it shows as normal, your fan is set to low and your ASICs are set to high.
Remember this is a simple example; you can do a lot more.
Because this is on every page and

<script type="text/javascript">
var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));

Now as you connect to the web interface and it pulls their JavaScript, your miner has been turned into a giant Bic lighter.

Black hole the address. This is like one of the more simple back doors.

You disabled/killed off your appweb, I thought. I still use the appweb, but I got rid of all this crap from the esp files in my "firmware". The miners are still trying to talk to at least two entities in China when dwang starts up; it's still a good idea to box your miners in by firewall, IMHO. tekcomm is right though, those esp files are also loaded with phone-home crap that is executed on the browser/machine you're using to connect to your miner. (If you haven't cracked your miner, all you have to do is view source on the frame in the web pages and you can see the statements that are making your client machine connect to outside sources.)
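The snippet quoted above is present in every ESP page and makes the administrator's browser, not the miner, fetch a script from hm.baidu.com, which is why a firewall in front of the miner never sees that connection. Below is an added example, not code from the thread or from Ebang, of the check a defender would run over the extracted web directory: decode each document.write(unescape(...)) payload, pull out the host every script tag would load from, report anything off-box, and strip those statements (the cleanup 73blazer describes doing by hand on the esp files). The sample page is constructed; only the Baidu tracking statement in it is copied from the thread, and cdn.example.test is a made-up second third-party host.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# A complete <script ...>...</script> element: group 1 = attributes, group 2 = body
SCRIPT_TAG_RE = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>", re.S | re.I)
# The src attribute inside an opening tag
SRC_ATTR_RE = re.compile(r"""\bsrc\s*=\s*['"]?\s*([^'"\s>]+)""", re.I)
# The document.write(unescape("...")) idiom the tracking snippet uses
UNESCAPE_RE = re.compile(r"document\.write\s*\(\s*unescape\s*\((.*?)\)\s*\)\s*;?", re.S)
# A runtime string concatenation such as  " + _bdhmProtocol + "
CONCAT_RE = re.compile(r"""["']\s*\+\s*[A-Za-z_$][\w$]*\s*\+\s*["']""")


def decode_payload(js_argument):
    """Turn the argument of unescape(...) into the markup it would emit.
    Variables concatenated at runtime (the protocol prefix) are dropped so the
    static part, which carries the host, survives."""
    arg = CONCAT_RE.sub("", js_argument.strip())
    arg = arg.strip().strip('"').strip("'")
    return unquote(arg)


def host_of(src):
    """Hostname a script src would be fetched from; '' for same-origin paths."""
    if "://" in src or src.startswith("//"):
        return (urlsplit(src).hostname or "").lower()
    if src.startswith(("/", ".")):
        return ""
    # Bare host/path as produced by the protocol-prefixing snippet; a relative
    # path like js/app.js has no dot in its first segment and stays local.
    if "." not in src.split("/", 1)[0]:
        return ""
    return (urlsplit("//" + src).hostname or "").lower()


def is_local(host):
    """Same-origin, loopback or private-address hosts are the miner itself."""
    if host in ("", "localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False


def find_external_scripts(page_text):
    """Return [(host, statement)] for every script src pointing off-box, whether
    written as a static tag or emitted through document.write(unescape(...))."""
    found = []
    for m in SCRIPT_TAG_RE.finditer(page_text):
        src = SRC_ATTR_RE.search(m.group(1))
        if src and not is_local(host_of(src.group(1))):
            found.append((host_of(src.group(1)), m.group(0)))
    for m in UNESCAPE_RE.finditer(page_text):
        for tag in SCRIPT_TAG_RE.finditer(decode_payload(m.group(1))):
            src = SRC_ATTR_RE.search(tag.group(1))
            if src and not is_local(host_of(src.group(1))):
                found.append((host_of(src.group(1)), m.group(0)))
    return found


def strip_external_scripts(page_text):
    """Return the page with every off-box script-loading statement removed."""
    cleaned = page_text
    for _host, statement in find_external_scripts(page_text):
        cleaned = cleaned.replace(statement, "")
    return cleaned


# Constructed sample page; the document.write line is the one quoted in the thread.
SAMPLE_ESP = """<html><head>
<script src="/js/jquery.min.js"></script>
<script type="text/javascript">
var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
</script>
<script src="https://cdn.example.test/stats.js"></script>
</head><body>status page</body></html>
"""

if __name__ == "__main__":
    for host, statement in find_external_scripts(SAMPLE_ESP):
        print(f"off-box script from {host}: {statement[:60]}...")
```

Run this over `web/` after unpacking a firmware image (the thread's `fgrep -r baidu` finds the same files, but only for one hostname); the decoded-payload step matters because the host never appears as a plain `<script src=` in the source, so a tag-level scanner would miss it.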
smartass111 (Member, Activity: 113, Merit: 21)
December 08, 2017, 08:07:39 PM  #432

It is working pretty well without the web app at all.
For that you need to ssh into it and modify some startup files (it is already explained here how).

Everything you need to set (pool addresses?) and get (temp, fan, rate?) you can do using SNMP. At least no JavaScript in the browser.
freegeek (Member, Activity: 68, Merit: 10)
December 09, 2017, 10:23:00 AM  #433

Quote from: 73blazer, post #431 above (quoted in full)

My management station is equally behind a stateful firewall that blocks everything that is not needed; this includes all public Chinese (and Russian, for that matter) address space.
smartass111 (Member, Activity: 113, Merit: 21)
December 09, 2017, 01:39:35 PM  #434

My management station is equally behind a stateful firewall that blocks everything that is not needed; this includes all public Chinese (and Russian, for that matter) address space.

And how are you protected against, for example, DNS tunneling, Mr. Security Engineer?
If I were a Chinese software engineer, I would just need a few hundred bytes of traffic to request/receive/execute commands.

security, lol
freegeek (Member, Activity: 68, Merit: 10)
December 09, 2017, 02:05:51 PM  #435

Quote from: smartass111, post #434 above

whatever dude, keep throwing out fancy words, I'm still not sending any btc your way, keep begging
smartass111 (Member, Activity: 113, Merit: 21)
December 10, 2017, 12:26:06 PM  #436

Quote from: freegeek, post #435 above (including its quote of post #434)

RTFM, Mr. Security Engineer.
For your information, DNS tunneling technology works even on UA aircraft wifi networks, on your preconfigured laptop, for free of course.
Unfortunately the bandwidth is not enough even for browsing modern sites (5-10 MB per page with tonnes of JS and other crap),
but hundreds of bytes/s are good enough for IRC chats (do you know what that is, lol?) and some other console stuff.
Can it be easily implemented in miner software? Yes.

Thanks for the conversation, Mr. Security Engineer. Offtopic is closed, everyone has made their own conclusions.
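The point smartass111 makes in the exchange above is that an allow-list of destination IPs does not cover data carried inside DNS queries, which the miner's resolver forwards on its behalf. Below is an added example, not code from the thread, of the detection a defender would run over resolver query logs: flag domains that receive many unique, long or high-entropy subdomain labels, which is the shape tunneled traffic has. Log lines, client addresses, example-pool.test and example-c2.test are constructed, and the thresholds are assumptions to be tuned on real logs. The example assumes the mitigation that goes with it: miners can only reach an internal resolver that logs queries, and outbound port 53 is denied for the miner range.

```python
import math
from collections import defaultdict


def shannon_entropy(text):
    """Bits per character; encoded payloads sit near their alphabet's maximum."""
    if not text:
        return 0.0
    n = len(text)
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname):
    """Crude split into (prefix, registered domain) using the last two labels,
    the zone a tunnel operator would control. Real deployments should use a
    public-suffix list instead of this approximation."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def parse_query_log(lines):
    """Parse constructed resolver-log lines of the form 'ts client qtype qname'."""
    records = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, client, qtype, qname = line.split()
        prefix, domain = split_name(qname)
        records.append({"ts": ts, "client": client, "qtype": qtype.upper(),
                        "prefix": prefix, "domain": domain})
    return records


def domain_stats(records):
    """Per registered domain: query count, share of unique names, mean prefix
    length and entropy (dots removed), and share of record types that carry
    bulk data back to the client (TXT/NULL/CNAME)."""
    per_domain = defaultdict(list)
    for r in records:
        per_domain[r["domain"]].append(r)
    stats = {}
    for domain, rs in per_domain.items():
        prefixes = [r["prefix"] for r in rs]
        flat = [p.replace(".", "") for p in prefixes]
        stats[domain] = {
            "queries": len(rs),
            "unique_ratio": len(set(prefixes)) / len(rs),
            "mean_prefix_len": sum(map(len, flat)) / len(rs),
            "mean_entropy": sum(map(shannon_entropy, flat)) / len(rs),
            "txt_share": sum(r["qtype"] in ("TXT", "NULL", "CNAME") for r in rs) / len(rs),
        }
    return stats


def flag_tunnels(records, min_queries=5, min_unique_ratio=0.8,
                 max_prefix_len=30, min_entropy=3.5):
    """Flag domains whose queries look like data carried in labels: enough
    volume, almost every query unique, and long or high-entropy prefixes.
    Thresholds are assumptions for this constructed sample."""
    flagged = {}
    for domain, s in domain_stats(records).items():
        if s["queries"] < min_queries or s["unique_ratio"] < min_unique_ratio:
            continue
        if s["mean_prefix_len"] > max_prefix_len or s["mean_entropy"] >= min_entropy:
            flagged[domain] = s
    return flagged


# Constructed sample: normal pool lookups, then a burst of TXT queries whose
# first label is 32 hex characters of "data" under a constructed domain.
SAMPLE_DNS_LOG = """
# ts        client        qtype  qname
10:00:01    192.168.1.42  A      stratum.example-pool.test
10:00:02    192.168.1.42  A      stratum.example-pool.test
10:00:03    192.168.1.45  A      backup.example-pool.test
10:00:04    192.168.1.42  A      stratum.example-pool.test
10:00:05    192.168.1.45  A      stratum.example-pool.test
10:00:06    192.168.1.42  A      backup.example-pool.test
10:01:00    192.168.1.42  TXT    0123456789abcdeffedcba9876543210.tun.example-c2.test
10:01:01    192.168.1.42  TXT    a1b2c3d4e5f60718293a4b5c6d7e8f90.tun.example-c2.test
10:01:02    192.168.1.42  TXT    ffeeddccbbaa99887766554433221100.tun.example-c2.test
10:01:03    192.168.1.42  TXT    0f1e2d3c4b5a69788796a5b4c3d2e1f0.tun.example-c2.test
10:01:04    192.168.1.42  TXT    13579bdf02468ace13579bdf02468ace.tun.example-c2.test
10:01:05    192.168.1.42  TXT    fedcba9876543210fedcba9876543210.tun.example-c2.test
"""

if __name__ == "__main__":
    for domain, s in flag_tunnels(parse_query_log(SAMPLE_DNS_LOG.splitlines())).items():
        print(f"{domain}: {s['queries']} queries, unique {s['unique_ratio']:.2f}, "
              f"mean len {s['mean_prefix_len']:.0f}, entropy {s['mean_entropy']:.2f}")
```

Pool lookups repeat the same two names, so their unique ratio stays low; the tunnel-shaped traffic is unique on every query and its labels are long and high-entropy, which is enough to surface it even though all of it went to an allowed internal resolver. Real logs need the rate limited per client and per time window, and CDN or anti-malware vendors with legitimately random-looking names need an allow-list.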
FrenchinHK (Full Member, Activity: 252, Merit: 100)
December 11, 2017, 07:18:04 AM  #437

Any real overview or feedback or REAL user ?
phusho (Newbie, Activity: 22, Merit: 0)
December 13, 2017, 09:36:12 AM  #438

Any real overview or feedback or REAL user ?

Real user of what ?
FrenchinHK (Full Member, Activity: 252, Merit: 100)
December 13, 2017, 11:45:30 AM  #439

Any real overview or feedback or REAL user ?

Real user of what ?
of this miner
73blazer (Member, Activity: 111, Merit: 17)
December 13, 2017, 03:37:41 PM  #440

I'm a "real" user.
These are good miners. Not quite as efficient as an S9, but they work. Some reports of occasional issues like a hash board going out, but that happens with any manufacturer. You're not gonna get any support from Ebang, but that seems par for the course with most of the ASIC makers.
All in all, they were a great deal direct from Ebang at 1250 or whatever and are proving to be nice machines. I wouldn't give mine up.