Bitcoin Forum
Author Topic: Antbleed: A remote shutdown backdoor in antminers  (Read 8116 times)
Vorth
April 29, 2017, 06:32:49 PM
 #121

I'm reading that they could also do a remote reflash of the firmware and potentially brick the hardware.
franky1
April 29, 2017, 07:31:21 PM
 #122

wow just wow, you just went full retard franky1.

1. DNS seeds can RPC call the nodes EG trigger some buggy code in implementations - we all know that's possible

2. i wanted to see how many people would reply to protect the blockstreamers access to all nodes, and see if them same people are the same people screaming blue murder about anything not core having similar access to things that are not core. such as asics or other implementations. as an experiment on who factually knows what's possible and who is speculating about worst case scenarios.

i find it funny when people create drama about one thing, but are not equally as critical about the other

ever ask yourself why there are no 0.8 or below nodes on the network
and how easy it could be to start making other implementations not have access.
EG anything below 0.13.1 (70014) can find themselves 'lost'

#define REQUIRE_VERSION 70001
 if (clientVersion && clientVersion < REQUIRE_VERSION) return false;

simply change to

#define REQUIRE_VERSION 70014
 if (clientVersion && clientVersion < REQUIRE_VERSION) return false;

and anything not segwit just wouldn't get a list of nodes from a DNS

and most of the segwit users won't want to manually white list old nodes to offer up a nodes list the other way.
hence why even the segwit documentation says

https://bitcoincore.org/en/2016/10/27/segwit-upgrade-guide/#not-upgrading-1
Quote
The easiest way to prevent this problem is to upgrade to Bitcoin Core 0.13.1 or another full node release that is compatible with the segwit soft fork. If you still don’t wish to upgrade, it is possible to use a newer Bitcoin Core release as a filter for older Bitcoin Core releases.

Filtering by an upgraded node

In this configuration, you set your current Bitcoin Core node (which we’ll call the “older node”) to connect exclusively to a node running Bitcoin Core 0.13.1 or later (which we’ll call the “newer node”). The newer node is connected to the Bitcoin P2P network as usual.
For the older node, first wait for the newer node to finish syncing the blockchain and then restart the older node with the following command line parameter (this may also be placed in the Bitcoin Core configuration file):


yep if you don't want to upgrade. you have to still download a segwit node just to whitelist yourself.

which makes me laugh about the whole "everything is fine segwit is backward compatible and no need to upgrade" promises of segwit going soft

i hope this wakes you up to the TIER network of gmaxwell's (upstream filter) and (luke JR's bridge node) word twisting of said tier network of control
where blockstream becomes top of the foodchain..

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
arklan
April 29, 2017, 07:54:55 PM
 #123

I'm reading that they could also do a remote reflash of the firmware and potentially brick the hardware.

that was correct in theory, but they've now patched the firmware, so it's a non-issue.

i don't post much, but this space for rent.
-ck
April 29, 2017, 09:52:21 PM
 #124

I'm reading that they could also do a remote reflash of the firmware and potentially brick the hardware.

that was correct in theory, but they've now patched the firmware, so it's a non-issue.
...for those who have updated their firmware.

Developer/maintainer for cgminer, ckpool/ckproxy, and the -ck kernel
2% Fee Solo mining at solo.ckpool.org
-ck
anonymoustroll420
April 30, 2017, 12:48:47 PM
Last edit: April 30, 2017, 01:00:55 PM by anonymoustroll420
 #125

1. DNS seeds can RPC call the nodes EG trigger some buggy code in implementations - we all know that's possible

No? Open a terminal and type "host dnsseed.bitcoin.dashjr.org"

you get an output like this:

Code:
dnsseed.bitcoin.dashjr.org has address 200.8.154.156
dnsseed.bitcoin.dashjr.org has address 124.170.80.250
dnsseed.bitcoin.dashjr.org has address 66.187.187.94
dnsseed.bitcoin.dashjr.org has address 188.81.38.4
dnsseed.bitcoin.dashjr.org has address 18.85.35.180
dnsseed.bitcoin.dashjr.org has address 192.241.135.239
dnsseed.bitcoin.dashjr.org has address 92.232.205.21
dnsseed.bitcoin.dashjr.org has address 202.7.239.164
dnsseed.bitcoin.dashjr.org has address 101.167.34.215
dnsseed.bitcoin.dashjr.org has address 97.92.247.128
dnsseed.bitcoin.dashjr.org has address 68.6.231.19
dnsseed.bitcoin.dashjr.org has address 54.94.207.125
dnsseed.bitcoin.dashjr.org has address 23.243.158.222
dnsseed.bitcoin.dashjr.org has address 62.76.26.214
dnsseed.bitcoin.dashjr.org has address 189.34.57.96
dnsseed.bitcoin.dashjr.org has address 111.164.172.20
dnsseed.bitcoin.dashjr.org has address 71.81.75.127
dnsseed.bitcoin.dashjr.org has address 178.113.182.244
dnsseed.bitcoin.dashjr.org has address 85.74.245.220
dnsseed.bitcoin.dashjr.org has address 79.148.67.94
dnsseed.bitcoin.dashjr.org has address 67.207.80.65
dnsseed.bitcoin.dashjr.org has address 96.23.239.29
dnsseed.bitcoin.dashjr.org has address 90.3.155.239
dnsseed.bitcoin.dashjr.org has address 85.228.58.134
dnsseed.bitcoin.dashjr.org has address 46.4.75.10
dnsseed.bitcoin.dashjr.org has address 185.104.11.148
dnsseed.bitcoin.dashjr.org has address 80.114.11.217
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:4137:9e76:34:211e:fde7:79d8
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:5ef5:79fd:30a9:f23:416e:e935
dnsseed.bitcoin.dashjr.org has IPv6 address 2a01:e35:2e54:52c0:5859:d7cb:5cae:2ad5
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:4137:9e76:10eb:3b18:b61e:38bd
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:4137:9e76:3e:18f5:b5ad:115d
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:9d38:953c:20bf:28b2:afe7:8a94
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:9d38:6ab8:1460:2878:ae4e:5e7
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:9d38:953c:10b3:3382:4fa9:4aaa
dnsseed.bitcoin.dashjr.org has IPv6 address 2a02:2c8:1:253:4d1:229d:b4c0:b4a5
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:4137:9e76:65:2785:bc48:6331
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:4137:9e76:407:361a:ae98:1c3b
dnsseed.bitcoin.dashjr.org has IPv6 address 2600:6c55:7200:14b:cf4:811c:7cb3:f7a7
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:4137:9e76:c03:13fa:a971:d5e4
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:5ef5:79fb:206f:2bed:bb3c:20a5
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:5ef5:79fb:3822:1edd:a80b:bc9f
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:9d38:6abd:3438:37c:4dfd:7d4

Those are node IPs. That's how DNS seeding works, it simply does a DNS lookup. There is no attack surface here.


and how easy it could be to start making other implementations not have access.
EG anything below 0.13.1 (70014) can find themselves 'lost'

That code you provided deals with adding new nodes to the DNS seed. Old and broken nodes are not added to the DNS seed, but old nodes can of course still query the DNS seed for IPs and connect. Even if they couldn't, you could simply run "host dnsseed.bitcoin.dashjr.org" and add the IPs yourself.

By the way, you're full of shit when you say there are only 3 DNS seeds:

Code:
        vSeeds.push_back(CDNSSeedData("bitcoin.sipa.be", "seed.bitcoin.sipa.be", true)); // Pieter Wuille, only supports x1, x5, x9, and xd
        vSeeds.push_back(CDNSSeedData("bluematt.me", "dnsseed.bluematt.me", true)); // Matt Corallo, only supports x9
        vSeeds.push_back(CDNSSeedData("dashjr.org", "dnsseed.bitcoin.dashjr.org")); // Luke Dashjr
        vSeeds.push_back(CDNSSeedData("bitcoinstats.com", "seed.bitcoinstats.com", true)); // Christian Decker, supports x1 - xf
        vSeeds.push_back(CDNSSeedData("bitcoin.jonasschnelli.ch", "seed.bitcoin.jonasschnelli.ch", true)); // Jonas Schnelli, only supports x1, x5, x9, and xd
        vSeeds.push_back(CDNSSeedData("petertodd.org", "seed.btc.petertodd.org", true)); // Peter Todd, only supports x1, x5, x9, and xd


By the way, I find it hilarious that the only BU-only DNS seed seed.btcc.com is broken right now, much like everything BU related.

yep if you don't want to upgrade. you have to still download a segwit node just to whitelist yourself.

No, you just need to use one as a bridge, can be any node, use mine if you like ;)

Please don't stop us from using ASICBoost which we're not using
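
The lookup described in post #125, as an added example that is not part of the original post or of Bitcoin Core: it parses `host` output into candidate peer endpoints, treating each record as untrusted address data and labelling Teredo-tunnelled IPv6 entries. The function name, the filter list and the last two sample lines are assumptions of this example.

```python
import ipaddress
import re

# `host` output: the first four lines are copied from the post above,
# the last two are constructed to show what gets rejected.
SAMPLE = """\
dnsseed.bitcoin.dashjr.org has address 200.8.154.156
dnsseed.bitcoin.dashjr.org has address 46.4.75.10
dnsseed.bitcoin.dashjr.org has IPv6 address 2001:0:4137:9e76:34:211e:fde7:79d8
dnsseed.bitcoin.dashjr.org has IPv6 address 2a02:2c8:1:253:4d1:229d:b4c0:b4a5
dnsseed.bitcoin.dashjr.org has address 10.0.0.5
dnsseed.bitcoin.dashjr.org has address 999.1.2.3
"""

LINE = re.compile(r"^(\S+) has (?:IPv6 )?address (\S+)$")
DEFAULT_PORT = 8333  # Bitcoin mainnet P2P port; a DNS answer carries no port
# Assumed filter list for this example (private, loopback, link-local ranges).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]


def peers_from_host_output(text, seed_name):
    """Return (accepted, rejected) for the address records of one seed name."""
    accepted, rejected = [], []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(1) != seed_name:
            continue  # not an address record for the seed we asked about
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            rejected.append((m.group(2), "not an IP address"))
            continue
        if any(ip in net for net in NON_ROUTABLE):
            rejected.append((str(ip), "not publicly routable"))
            continue
        kind = "ipv4" if ip.version == 4 else "ipv6"
        if ip.version == 6 and ip.teredo is not None:
            kind = "ipv6-teredo"  # 2001:0::/32, IPv6 tunnelled over IPv4 UDP
        accepted.append((str(ip), DEFAULT_PORT, kind))
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = peers_from_host_output(SAMPLE, "dnsseed.bitcoin.dashjr.org")
    for entry in ok + bad:
        print(entry)
```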
-ck
April 30, 2017, 01:15:46 PM
 #126

I'm reading that they could also do a remote reflash of the firmware and potentially brick the hardware.

that was correct in theory, but they've now patched the firmware, so it's a non-issue.
...for those who have updated their firmware.
Which we all know doesn't happen often, most users set it and forget it.
Which was the point of my post... likely the bulk of them out there are still vulnerable.

Additionally I happen to know that certain functionality only existed on the first S9 firmware and many users are reluctant to change from it.

Developer/maintainer for cgminer, ckpool/ckproxy, and the -ck kernel
2% Fee Solo mining at solo.ckpool.org
-ck
leopard2
April 30, 2017, 06:33:09 PM
Merited by mindrust (2)
 #127

I'm reading that they could also do a remote reflash of the firmware and potentially brick the hardware.

that was correct in theory, but they've now patched the firmware, so it's a non-issue.
...for those who have updated their firmware.

Their evil plan is now spoiled but they had an evil plan, that's what counts.

If someone fires a gun at me and misses, would I listen to a shill who says "Why you worried? Nothing happened." :D

Truth is the new hatespeech.
homeidea11111
May 28, 2018, 11:27:36 PM
 #128

So if I understood it correctly, bitmain has a remote kill-switch (effectively, since they can brick the machines with the firmware change) on 70% of hashrate? fantastic. What are we supposed to do now, other than change the PoW algo immediately? Core Devs should be having a meeting with non-Bitmain miners right now proposing a roadmap to change the algo and leave Bitmain isolated. I don't think even the BU camp is stupid enough to keep supporting Jihan and his rigged miners anymore.

Anything but open source mining machines should be totally banned from the network. Ideally we should go back to 1cpu=1miner with a new PoW, but how do we guarantee that we will not end up like this again? at least we'll set a precedent I guess.

Anyway, I hope Core Devs are already on this like I said before. We can't go no longer than a week sitting under explosives.

That is really worrying. I guess people should now consider this on top of the standard 51% attack possibility
WinMar
May 30, 2018, 01:03:46 PM
 #129

The evil plan seems to be thwarted for now as the website that the miners are supposed to connect to seems to be offline.
RochaMckay
June 05, 2018, 07:27:41 AM
 #130

Core Devs should be having a meeting with non-Bitmain miners right now proposing a roadmap to change the algo and leave Bitmain isolated
WinMar
June 05, 2018, 12:48:14 PM
 #131

@ RochaMckay

It's too late to do that now. If you change the mining algorithm now everyone gets screwed. The time to have done it should have been just when they started selling the L3 antminers. Now millions of dollars have been spent by miners and changing it now would be like chopping off your nose to spite your face.
jbreher
June 05, 2018, 11:37:28 PM
 #132

Core Devs should be having a meeting with non-Bitmain miners right now proposing a roadmap to change the algo and leave Bitmain isolated

Refer to what recently happened to Bitcoin Gold as evidence of the stupidity of throwing aside billions of $USD of dedicated security appliances.

But by all means, go for it. Knock yourselves out. Uncover yet another way to learn how worthless NotBitcoin is.

Anyone with a campaign ad in their signature -- for an organization with which they are not otherwise affiliated -- is automatically deducted credibility points.

I've been convicted of heresy. Convicted by a mere known extortionist. Read my Trust for details.
jacksadown0920
June 15, 2018, 10:14:20 AM
 #133

What are we supposed to do now, other than change the PoW algo immediately? Core Devs should be having a meeting with non-Bitmain miners right now proposing a roadmap to change the algo and leave Bitmain isolated
WinMar
June 15, 2018, 12:14:31 PM
 #134

Unfortunately Bitmain would just make new miners to match the new algo and we the people would be lining up to buy them. The key to bitmain's success is their pool; people must not mine there as this gives them control of the block chain. Then they can do some really nasty things.
jbreher
June 15, 2018, 03:31:46 PM
 #135

What are we supposed to do now, other than change the PoW algo immediately? Core Devs should be having a meeting with non-Bitmain miners right now proposing a roadmap to change the algo and leave Bitmain isolated

Why? Other than provide more Bitcoin dedicated security equipment than any other party, what have they done that is so heinous?

Anyone with a campaign ad in their signature -- for an organization with which they are not otherwise affiliated -- is automatically deducted credibility points.

I've been convicted of heresy. Convicted by a mere known extortionist. Read my Trust for details.
WinMar
June 16, 2018, 01:43:19 AM
 #136

Bitcoin Gold 51% attack, there are many people who say Bitmain was behind that attack.
jbreher
June 17, 2018, 02:31:41 AM
 #137

Bitcoin Gold 51% attack, there are many people who say Bitmain was behind that attack.

Hmm. So... jump to hasty conclusions, accept hearsay as if it were proof, and berate the merely suspected. Got it.

Anyone with a campaign ad in their signature -- for an organization with which they are not otherwise affiliated -- is automatically deducted credibility points.

I've been convicted of heresy. Convicted by a mere known extortionist. Read my Trust for details.
CurtisEvans
June 17, 2018, 03:20:10 AM
 #138

Bitmain fucked up, with no malice as is revealed by the open nature of their code on github. Malware writers do not publish their code for the whole world to see. Great to see there are people looking out for these exploits, but I think bitmain really screwed up here.
coinbeamer
August 12, 2018, 11:01:16 AM
 #139

All my antminers were stolen about 2 weeks ago.
Is there a way to get the thieves' IP using this antbleed stuff?
NGOCDIEP
September 07, 2018, 05:19:58 PM
 #140

And antbleed.com needs to modify their statements about what miners have it. I will verify tomorrow but am POSITIVE my few remaining batch-1, 3, and 5 s7's have the MinerLink option in the GUI.