update firmware Antminer S9 && hacked bgminer.conf

[gutsy_btc]

Hi everyone,

I've an antminer S9 kidnapped, and there is some cron job that modifies the conf every X hours.

I tried to update firmware to Antminer-S9-all-201708151137-autofreq-user-Update2UBI-NF.tar.gz, but it shows the following error: "error 403 request entity too large". It already has this firmware, but I tried to update it using other browsers with the same result. lighthttpd.conf doesn't show any info. I also tried firmware Antminer-S9-all-201704270135-autofreq-user-Update2UBI-NF.tar.gz with the same result.

When updating with s9_fix_upgrade.tar.gz to recover the fs, it shows a cgi html error "This firmware is for S9 XILINK" (it doesn't show the html page properly, but txt), but nothing more.

May you help me?

Thanks in advance

[Elphamyto]

Did you try doing all the reset and restore options (holding down reset button)? Can you load the S9 image onto an SD card and insert it?

[gutsy_btc]

Did you try doing all the reset and restore options (holding down reset button)? Can you load the S9 image onto an SD card and insert it?

This 13.0T model has the same chasis, but no sdcard reader. Does anyone know where to find the cron jobs? It seems to be some chroot proceses, isn't it? Every X hours, it changes the worker config.

 

[gutsy_btc]

I've been comparing 2 S9, a working one and the hacked one, you can see the log monitor in https://pastebin.com/74qBhhi1.

It's weird that {m5} eth1 /root/m5, eating CPU and being repeated many times....

any ideas to solve this?

Thanks!!

[xxcsu]

Hi everyone,

I've an antminer S9 kidnapped, and there is some cron job that modifies the conf every X hours.

I tried to update firmware to Antminer-S9-all-201708151137-autofreq-user-Update2UBI-NF.tar.gz, but it shows the following error: "error 403 request entity too large". It already has this firmware, but I tried to update it using other browsers with the same result. lighthttpd.conf doesn't show any info. I also tried firmware Antminer-S9-all-201704270135-autofreq-user-Update2UBI-NF.tar.gz with the same result.

When updating with s9_fix_upgrade.tar.gz to recover the fs, it shows a cgi html error "This firmware is for S9 XILINK" (it doesn't show the html page properly, but txt), but nothing more.

May you help me?

Thanks in advance

I have the same problem with one of my s9 / 13TH/s model

Miner Type   Antminer S9
Hostname   mi03
Model   GNU/Linux
Hardware Version   12.8.1.3
Kernel Version   Linux 3.14.0-xilinx-gb190cb0-dirty #57 SMP PREEMPT Fri Dec 9 14:49:22 CST 2016
File System Version   Tue Jan 24 22:42:36 EST 2017
BMminer Version   2.0.0
Uptime   1
Load Average   0.31, 0.22, 0.19

[Elphamyto]

Did you try doing all the reset and restore options (holding down reset button)? Can you load the S9 image onto an SD card and insert it?

This 13.0T model has the same chasis, but no sdcard reader. Does anyone know where to find the cron jobs? It seems to be some chroot proceses, isn't it? Every X hours, it changes the worker config.

 

Did you hold the reset button for 5-10 seconds and wait for it to reset to factory settings?
The cron tasks are in /var/spool/cron/root
You do have something running multiple instances of a process named "M5" on eth1 interface. If the reset button method doesn't work, try to ssh into the device and look at this /root/m5
You can also try ssh'ing into it and editing /config/cgminer.conf  with your pool configuration.

[gutsy_btc]

Did you hold the reset button for 5-10 seconds and wait for it to reset to factory settings?
The cron tasks are in /var/spool/cron/root
You do have something running multiple instances of a process named "M5" on eth1 interface. If the reset button method doesn't work, try to ssh into the device and look at this /root/m5
You can also try ssh'ing into it and editing /config/cgminer.conf  with your pool configuration.

/config/bmminer.conf has this permissions:

-r--------    1 root     root           482 Aug 11 17:10 bmminer.conf

I cannot modify with chattr +i because it's not ext3/ext4.

/root/M5 does not exist, not mounted directly neither in /etc/fstab nor mount command.

Have to check /var/spool/cron/root, because crontab -l root didn't show anything... not now because I lost ip access, no red/green light flashes at all 

[MauiDave]

Last night, I powered down my two S9's. When I powered back up, they were configured to point to a viabtc pool. When I tried to change them, I could no longer get it to stick. When I clicked on "Miner Status" it would stay on the Configuration page. Both machines. I tried re-installing the firmware, but neither machine would take it.

Now I"m stuck, leaving these powered down until I can get the firmwere/software reinstalled. Tried resetting, all that. Nothing helps.

Is there a way to reinstall the software or whatever they did to this?

I'll be happy to pay a fair price if someone can get me back up and running asap.

PM me if you can help.

Thanks.

[tonnynguyen]

Miner Type   Antminer S9
Hostname   mi03
Model   GNU/Linux
Hardware Version   12.8.1.3
Kernel Version   Linux 3.14.0-xilinx-gb190cb0-dirty #57 SMP PREEMPT Fri Dec 9 14:49:22 CST 2016
File System Version   Tue Jan 24 22:42:36 EST 2017
BMminer Version   2.0.0
Uptime   1
Load Average   0.31, 0.22, 0.19

[MauiDave]

Great. Thank you for that. D

[lrowland21093]

I am not sure this will help but it does sound a lot like what is being described.
A few weeks ago when I first turn back on an old S5, it got an IP address from my router that was assigned as the DMZ IP address.  I did not realize this happened until sometime later.
Basically that meant the S5 was exposed to the open internet.  When I went to check the miner and pools I saw a entry on there for viabtc that I did not add!
Rebooting and removing the pool would only stick for a little while before it was added again.

To get it fixed I had to completely reset the device, take it off the DMZ (once I realized it was there) and reenter all the pools I wanted.
It has been fine since then.

My theory is that someone is running a bot that connects to open Antminers using SSH and the "Antbleed" API and setting their pools whenever they find a vulnerable miner (like mine was).

My lesson is never expose you miner to the open Internet!