Antbleed: A remote shutdown backdoor in antminers

[freebutcaged]

Just block the function by the method which OP provided and end of story, I wonder if someone could actually opens a backdoor in their backdoor and shuts down their miners?
It's just like microsoft, they have backdoors in their software, firmware in windows 10 which runs in the back ground and bypasses the user's settings.
How? while you are on metered connection it disconnects your wifi and doesn't allow you to connect until you plug the cable and then it starts to auto update and automatically removes the metered connection ticker no matter what you do it will update the windows.
But shutting down remotely? that's too much extreme.

[1714071537]

1714071537

[1714071537]

1714071537

[1714071537]

1714071537

[1714071537]

1714071537

[1714071537]

1714071537

[1714071537]

1714071537

[BillyBobZorton]

Just block the function by the method which OP provided and end of story, I wonder if someone could actually opens a backdoor in their backdoor and shuts down their miners?
It's just like microsoft, they have backdoors in their software, firmware in windows 10 which runs in the back ground and bypasses the user's settings.
How? while you are on metered connection it disconnects your wifi and doesn't allow you to connect until you plug the cable and then it starts to auto update and automatically removes the metered connection ticker no matter what you do it will update the windows.
But shutting down remotely? that's too much extreme.

This is bitcoin, supposed to be the pinnacle of open source development, anything that resembles windows is a disaster. Collecting data, remotely shutting down mining machines and so on, shouldn't be tolerated, it shouldn't even be an option. Everyone in mining should be boycotting bitmain. If I had the money I would start a mining business that guarantees those things will never be possible because it will be hardcoded to never collect data and never take any remote orders finding a way to isolate all the stuff that doesn't need to be shared over the internet.

[The One]

You'd think that if bitmain were to cease development on minerlink, they would remove all related code, or even announce that they are working on a fix.

Great to see there are people looking out for these exploits, but I think bitmain really screwed up here.

has anyone looked at bitcoin cores DNS seed managed by mainly blockstreamers

        vSeeds.push_back(CDNSSeedData("bitcoin.sipa.be", "seed.bitcoin.sipa.be", true)); // Pieter Wuille, only supports x1, x5, x9, and xd
        vSeeds.push_back(CDNSSeedData("bluematt.me", "dnsseed.bluematt.me", true)); // Matt Corallo, only supports x9
        vSeeds.push_back(CDNSSeedData("dashjr.org", "dnsseed.bitcoin.dashjr.org")); // Luke Dashjr

Looked.

Now what the purpose of the above?

[anonymoustroll420]

You'd think that if bitmain were to cease development on minerlink, they would remove all related code, or even announce that they are working on a fix.

Great to see there are people looking out for these exploits, but I think bitmain really screwed up here.

has anyone looked at bitcoin cores DNS seed managed by mainly blockstreamers

        vSeeds.push_back(CDNSSeedData("bitcoin.sipa.be", "seed.bitcoin.sipa.be", true)); // Pieter Wuille, only supports x1, x5, x9, and xd
        vSeeds.push_back(CDNSSeedData("bluematt.me", "dnsseed.bluematt.me", true)); // Matt Corallo, only supports x9
        vSeeds.push_back(CDNSSeedData("dashjr.org", "dnsseed.bitcoin.dashjr.org")); // Luke Dashjr

Looked.

Now what the purpose of the above?

It's one method used by Bitcoin to find out the IP of other nodes. There is a risk that the DNS seeds could co-operate together and attempt sybil you off the network by only giving you IP's controlled by them, but it is only one method used and it's only used during the initial set up of a node. The IP's are also sent over DNS, which gets cached by various DNS servers, making it nearly impossible to do that. After your node gets an initial list of node IPs your node keeps a DB of IP's and nodes share IP's between each other. The risk of an attack this way is absolutely tiny that its not even worth mentioning. As long as your node discovers the IP of one honest node, you are safe.

[Quantus]

You'd think that if bitmain were to cease development on minerlink, they would remove all related code, or even announce that they are working on a fix.

Great to see there are people looking out for these exploits, but I think bitmain really screwed up here.

has anyone looked at bitcoin cores DNS seed managed by mainly blockstreamers

        vSeeds.push_back(CDNSSeedData("bitcoin.sipa.be", "seed.bitcoin.sipa.be", true)); // Pieter Wuille, only supports x1, x5, x9, and xd
        vSeeds.push_back(CDNSSeedData("bluematt.me", "dnsseed.bluematt.me", true)); // Matt Corallo, only supports x9
        vSeeds.push_back(CDNSSeedData("dashjr.org", "dnsseed.bitcoin.dashjr.org")); // Luke Dashjr

wow just wow, you just went full retard franky1.

[franky1]

It's one method used by Bitcoin to find out the IP of other nodes. There is a risk that the DNS seeds could co-operate together and attempt sybil you off the network by only giving you IP's controlled by them, but it is only one method used and it's only used during the initial set up of a node. The IP's are also sent over DNS, which gets cached by various DNS servers, making it nearly impossible to do that. After your node gets an initial list of node IPs your node keeps a DB of IP's and nodes share IP's between each other. The risk of an attack this way is absolutely tiny that its not even worth mentioning.

look at what vrsions 0.13+ are doing when "first set up"
hint gmaxwells buzzword: upstream tier
hint luke Jrs buzzword: bridge node

[The One]

You'd think that if bitmain were to cease development on minerlink, they would remove all related code, or even announce that they are working on a fix.

Great to see there are people looking out for these exploits, but I think bitmain really screwed up here.

has anyone looked at bitcoin cores DNS seed managed by mainly blockstreamers

        vSeeds.push_back(CDNSSeedData("bitcoin.sipa.be", "seed.bitcoin.sipa.be", true)); // Pieter Wuille, only supports x1, x5, x9, and xd
        vSeeds.push_back(CDNSSeedData("bluematt.me", "dnsseed.bluematt.me", true)); // Matt Corallo, only supports x9
        vSeeds.push_back(CDNSSeedData("dashjr.org", "dnsseed.bitcoin.dashjr.org")); // Luke Dashjr

Looked.

Now what the purpose of the above?

It's one method used by Bitcoin to find out the IP of other nodes. There is a risk that the DNS seeds could co-operate together and attempt sybil you off the network by only giving you IP's controlled by them, but it is only one method used and it's only used during the initial set up of a node. The IP's are also sent over DNS, which gets cached by various DNS servers, making it nearly impossible to do that. After your node gets an initial list of node IPs your node keeps a DB of IP's and nodes share IP's between each other. The risk of an attack this way is absolutely tiny that its not even worth mentioning. As long as your node discovers the IP of one honest node, you are safe.

So is the vSeeds above necessary? What is x1, x5,x9 and xd anyway?

[anonymoustroll420]

So is the vSeeds above necessary? What is x1, x5,x9 and xd anyway?

It helps prevent against partitioning. The IP's given out by the DNS seeds are entirely random, while the IP's discovered by other methods are not so random.

Prior to the DNS seeds existing, Bitcoin used to join an IRC server and get other node IP's from that. Satoshi seemingly stole this code from gnutella, a filesharing protocol. The IRC server admin thought Bitcoin was a filesharing program or a botnet, and banned it from the server. Bitcoin used another IRC server for a while, until DNS seeds were implemented. Clearly the DNS seeds are a much better way than using a centralized chat server. Because it uses DNS, even if the seeds go offline, most nodes can still bootstrap for a period of time until DNS servers clear their caches.

I'm not sure what x1, x5,x9 and xd is.

[jbreher]

500k a month to keep BU propped up,

You seem to be making a claim that some party is expending "500k a month to keep BU propped up". Care to substantiate this? Is this 500K USDollars? Who is the party making this expenditure? In what way is this expenditure 'keeping BU propped up'? How do you know this to be the case?

[anonymoustroll420]

500k a month to keep BU propped up,

You seem to be making a claim that some party is expending "500k a month to keep BU propped up". Care to substantiate this? Who is the party making this expenditure? In what way is this expenditure 'keeping BU propped up'? How do you know this to be the case?

In an interview, Charlie Shrem made the claim that Roger Ver is spending $500,000/mo to "keep BU propped up". No more details than that were given. Charlie Shrem was the owner of BitInstant, which Roger Ver was a large investor of. Roger Ver denies the claim.

However it is known that Roger Ver is funding >90% of BU development. It's likely he also has other expenses too. How much all these expenses total up to is difficult to figure out.

[jbreher]

500k a month to keep BU propped up,

You seem to be making a claim that some party is expending "500k a month to keep BU propped up". Care to substantiate this? Who is the party making this expenditure? In what way is this expenditure 'keeping BU propped up'? How do you know this to be the case?

In an interview, Charlie Shrem made the claim that Roger Ver is spending $500,000/mo to "keep BU propped up". No more details than that were given. Charlie Shrem was the owner of BitInstant, which Roger Ver was a large investor of. Roger Ver denies the claim.

So an unsubstantiated rumor. Got it.

Now that Bitcoin Jesus has been recast as Bitcoin Judas, with a huge contingent prepared to cast him through the gates of hell, should we not be suspicious of unsubstantiated rumors?

I see you've edited, so I shall also:

However it is known that Roger Ver is funding >90% of BU development.

No. The vast majority of BU development is pro bono. Roger made a significant donation to the BU Foundation, but most of that cash is sitting dormant.

[anonymoustroll420]

So an unsubstantiated rumor. Got it.

Now that Bitcoin Jesus has been recast as Bitcoin Judas, with a huge contingent prepared to cast him through the gates of hell, should we not be suspicious of unsubstantiated rumors?

Well, the claim is being made by someone who was very close to Roger Ver, not some anonymous troll, so there could be some truth to it. Certainly Roger Ver is spending a lot of money on BU, how much is not known.

[achow101]

I'm not sure what x1, x5,x9 and xd is.

Those refer to the services that a node supports.

x1 is NODE_NETWORK, i.e. a full node
x5 is NODE_NETWORK and NODE_BLOOM
x9 is NODE_NETWORK and NODE_WITNESS
xd (aka x13) is NODE_NETWORK, NODE_BLOOM, and NODE_WITNESS

[digaran]

Pointing fingers, blaming blockstreamers for implementing backdoor trojan horse segwit, it was all the real distraction from all the real fucked up things happening right under our noses and guess who managed to constantly divert the attentions away from the real menace?
I'm really disappointed in you franky1 I thought you were different but now I see that you were the one distracting everyone with your finger pointing blaming gmaxwell and showing colorful graphs and charts.
I mean this is just too obvious and I'm the idiot to actually counting on your words for a while but now even me with a pea sized brain can see what is going on.

We should strip you naked and shame you all the way to the court, at least share some of that fat bonus for posting and be an absolute enemy of Core with us I could easily be very convincing with only $5 bucks per effective post .

Now I don't know who can I trust anymore, people literally caught them bitmainers while raping the community and yet you come here and say no it wasn't them.
By my calculations I have an estimation that antpool alone is earning averagely $450K upto $600K every 24 hours of every 7 days of every week.
Now take the average of $500K daily * 30 of one month = $15,000,000 dollars and 20% of $15M is = $3,000,000 dollars and according to you the ROI for the manufacturers is instant or one month, so they even ROIed 3 times over already before releasing the S9s to the public.

And now people should know that they have made at least $20M in last 6 months out of the thin air which was coming from within another thin air mining and again mining with asicboost double thin airs.

Now I understand where the funds for spam transactions/ forum dos attacks come from, no people unrelated to crypto specifically bitcoin aren't crazy to dos the forum or spam attack the network and waste their hard earned money.

Who could've thought about all of this right?

I didn't even count the double earnings of selling miners to the public and didn't account for other pools owned by antpool and other coins, hell I'm now certain that they have earned double the amount on LTC mining .

[The One]

500k a month to keep BU propped up,

You seem to be making a claim that some party is expending "500k a month to keep BU propped up". Care to substantiate this? Who is the party making this expenditure? In what way is this expenditure 'keeping BU propped up'? How do you know this to be the case?

In an interview, Charlie Shrem made the claim that Roger Ver is spending $500,000/mo to "keep BU propped up". No more details than that were given. Charlie Shrem was the owner of BitInstant, which Roger Ver was a large investor of. Roger Ver denies the claim.

However it is known that Roger Ver is funding >90% of BU development. It's likely he also has other expenses too. How much all these expenses total up to is difficult to figure out.

Is this the same C Shrem that was find guilty and went to prison?

[The One]

I'm not sure what x1, x5,x9 and xd is.

Those refer to the services that a node supports.

x1 is NODE_NETWORK, i.e. a full node
x5 is NODE_NETWORK and NODE_BLOOM
x9 is NODE_NETWORK and NODE_WITNESS
xd (aka x13) is NODE_NETWORK, NODE_BLOOM, and NODE_WITNESS

Thanks, so how does all this work?

I can see the xd detail looking at the wallet peers. Does it need to be activated or is it automatic?

[The One]

Pointing fingers, blaming blockstreamers for implementing backdoor trojan horse segwit, it was all the real distraction from all the real fucked up things happening right under our noses and guess who managed to constantly divert the attentions away from the real menace?
I'm really disappointed in you franky1 I thought you were different but now I see that you were the one distracting everyone with your finger pointing blaming gmaxwell and showing colorful graphs and charts.
I mean this is just too obvious and I'm the idiot to actually counting on your words for a while but now even me with a pea sized brain can see what is going on.

We should strip you naked and shame you all the way to the court, at least share some of that fat bonus for posting and be an absolute enemy of Core with us I could easily be very convincing with only $5 bucks per effective post .

Now I don't know who can I trust anymore, people literally caught them bitmainers while raping the community and yet you come here and say no it wasn't them.
By my calculations I have an estimation that antpool alone is earning averagely $450K upto $600K every 24 hours of every 7 days of every week.
Now take the average of $500K daily * 30 of one month = $15,000,000 dollars and 20% of $15M is = $3,000,000 dollars and according to you the ROI for the manufacturers is instant or one month, so they even ROIed 3 times over already before releasing the S9s to the public.

And now people should know that they have made at least $20M in last 6 months out of the thin air which was coming from within another thin air mining and again mining with asicboost double thin airs.

Now I understand where the funds for spam transactions/ forum dos attacks come from, no people unrelated to crypto specifically bitcoin aren't crazy to dos the forum or spam attack the network and waste their hard earned money.

Who could've thought about all of this right?

I didn't even count the double earnings of selling miners to the public and didn't account for other pools owned by antpool and other coins, hell I'm now certain that they have earned double the amount on LTC mining .

Trust no one, but yourself.

Do your own research and read the technical whitepapers.

Ask yourself what is Bitcoin suppose to be. Payment service or gold 2.0?

Look at the fees and ask yourself why it is so high.

Understand basic economics, supply and demand; scarcity would do for now.

Ask yourself what agenda does the developers/miners have.

The truth will come to you.

[achow101]

Is this the same C Shrem that was find guilty and went to prison?

Yes. IIRC he was released a few months ago.

Thanks, so how does all this work?

I can see the xd detail looking at the wallet peers. Does it need to be activated or is it automatic?

It depends on the software that you are running. Different software will support different services. Additionally if you have pruning enabled you will be disabling NODE_NETWORK for your node. If you run Bitcoin Core 0.13.1+, your node will be xd. Earlier versions should be x5 and even older ones will be x1.

[The One]

Is this the same C Shrem that was find guilty and went to prison?

Yes. IIRC he was released a few months ago.

Thanks, so how does all this work?

I can see the xd detail looking at the wallet peers. Does it need to be activated or is it automatic?

It depends on the software that you are running. Different software will support different services. Additionally if you have pruning enabled you will be disabling NODE_NETWORK for your node. If you run Bitcoin Core 0.13.1+, your node will be xd. Earlier versions should be x5 and even older ones will be x1.

Just worked that out a minute ago lol thanks.

[arklan]

Is this the same C Shrem that was find guilty and went to prison?

Yes. IIRC he was released a few months ago.

well, that's good to hear. if i recall the charges were really really crappy.