Bitcoin Forum
Author Topic: Antminer S9's Hijacked-Need Help-Will Pay $$ To Reset-ASAP  (Read 955 times)
MauiDave (OP)
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
November 28, 2017, 04:58:10 AM
 #1

Last night, I powered down my two S9's. When I powered back up, they were configured to point to a viabtc pool. When I tried to change them, I could no longer get it to stick. When I clicked on "Miner Status" it would stay on the Configuration page. Both machines. I tried re-installing the firmware, but neither machine would take it.

Now I'm stuck, leaving these powered down until I can get the firmware/software reinstalled. Tried resetting, all that. Nothing helps.

Is there a way to reinstall the software or whatever they did to this?

I'm working on learning how to SSH into it, but don't know what to do once I'm in.

I'll be happy to pay a good price if someone can get me back up and running asap.

PM me if you can help. Obviously, time is of the essence.

Thanks. Dave
Elphamyto
Member
**
Offline Offline

Activity: 117
Merit: 16


View Profile
November 28, 2017, 06:00:36 AM
 #2

Did you just get these machines? Were they sold by Bitmain or secondhand/used?

You can try installing a new firmware image. Go to https://shop.bitmain.com/support.htm?pid=00720161126080548570Q2tDBXAH065D and depending on which S9 machine you have, download the firmware. If it's not a static 14TH unit, then download the one at the bottom Antminer-S9-all-201708151137-autofreq-user-Update2UBI-NF.tar.gz.

Go to the miner's page under System tab -> Upgrade and under "Flash new firmware image" uncheck "Keep settings" and select the tar.gz firmware you downloaded.
Give it 5-7 minutes and then see if you can enter your pool info.
MauiDave (OP)
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
November 28, 2017, 06:23:25 AM
 #3

Yes, the first thing I tried. When I install it, after it's done, it returns an error page from the cgi-bin that says "incorrect firmware". Tried all versions on the Bitmain site. Apparently, whatever they did, doesn't allow me to overwrite what they put in.

The Kernel version is this.. obviously the wrong one. I need to get in there and completely overwrite the firmware. Start from scratch:

"Kernel Version   Linux 3.14.0-xilinx-gb190cb0-dirty #57 SMP PREEMPT Fri Dec 9 14:49:22 CST 2016"

Need to get in there and get it back to factory.

Anyone know if I can load it from the SD card and make it work?

Again, anyone who knows how to SSH into it and reload the factory firmware (and software?), I'll pay to get it done.

Thanks in advance.

Dave
bitcoinforever2
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
November 28, 2017, 06:58:57 AM
 #4

Yes, the first thing I tried. When I install it, after it's done, it returns an error page from the cgi-bin that says "incorrect firmware". Tried all versions on the Bitmain site. Apparently, whatever they did, doesn't allow me to overwrite what they put in.

The Kernel version is this.. obviously the wrong one. I need to get in there and completely overwrite the firmware. Start from scratch:

"Kernel Version   Linux 3.14.0-xilinx-gb190cb0-dirty #57 SMP PREEMPT Fri Dec 9 14:49:22 CST 2016"

Need to get in there and get it back to factory.

Anyone know if I can load it from the SD card and make it work?

Again, anyone who knows how to SSH into it and reload the factory firmware (and software?), I'll pay to get it done.

Thanks in advance.

Dave

I assume you can log onto the device? Unless there is a custom firmware installed, you should be able to upgrade the new firmware. And then reset to factory default. If you are not able to do that, then the device has been compromised to a level higher than you can access yourself and you will need to return it, there is nothing else you can do.
Hockeybum
Member
**
Offline Offline

Activity: 113
Merit: 31


View Profile
November 28, 2017, 07:23:01 AM
 #5

I’ve seen replacement controller boards on Ebay for about $150, that should take care of the problem.
Elphamyto
Member
**
Offline Offline

Activity: 117
Merit: 16


View Profile
November 28, 2017, 08:14:28 AM
 #6

Did you just get these machines? Were they sold by Bitmain or secondhand/used?


What about my first question?
MauiDave (OP)
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
November 28, 2017, 03:54:29 PM
 #7

No, have had them and running fine for a few months.

I have not been able to install any new firmware. Won't take. Tried everything. I can get in there, even got Awesomeminer to say one of them was able to change the pool, but when I go back to the machine, it's still in the same condition, with that Kernel version.

Is a new controller board the only option?

Bitmain suggested that if none of the reset options work, to create a repair ticket for a new board.
fanatic26
Hero Member
*****
Offline Offline

Activity: 756
Merit: 560


View Profile
November 28, 2017, 04:53:44 PM
 #8

So even doing the IP reporter hard factory reset did not bring it back to factory settings?

Stop buying industrial miners, running them at home, and then complaining about the noise.
not.you
Legendary
*
Offline Offline

Activity: 1726
Merit: 1018


View Profile
November 28, 2017, 07:52:38 PM
 #9

Try the SD card boot

https://shop.bitmain.com/support.htm?pid=007201604120945219855QObfk20066C
QuintLeo
Legendary
*
Offline Offline

Activity: 1498
Merit: 1030


View Profile
November 28, 2017, 10:26:00 PM
 #10

Doesn't the S9 have a hardware "reconfigure to factory default" button like the S5 had?

lightfoot
Legendary
*
Offline Offline

Activity: 3080
Merit: 2228


I fix broken miners. And make holes in teeth :-)


View Profile
November 29, 2017, 02:40:00 AM
 #11

SD card should do it; if someone had root access on the boxes they could have lobotomized things like the upgrade firmware section.

So how did it happen? Are these things on the internet or behind a NAT firewall at your house? If the latter you might have a compromised desktop or something that was used as a jump vector.....
MauiDave (OP)
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
November 29, 2017, 06:48:13 AM
 #12

I did the IP Reporter hard reset today. It seems to have somewhat fixed the problem temporarily, however neither machine has come back up to full hash rate. I'm giving it 24 hours to see.

I think the Kernel Version is still what they left. If someone knows what I should see as the kernel version for the 650 firmware upgrade, please let me know so I can compare.

I may also try the SD install, if everything isn't normal in the morning. I see a link above for instructions. Thank you very much for that.

I also have to check the firewall settings again. I switched internet service to ATT that same day. Coincidence? New modem/router, so I'm sure it wasn't as strong as it should have been.

Here's what happened, so others know what to look for:

I powered the machines down to re-configure the AC wires on my rig. When I powered back up, got back to my laptop to check everything was running ok, I noticed that the pools were now set to the viaBTC pools with the user as something strange, maybe something like XX00.S9 or something like that. Don't remember exactly. When I tried to change it back, I entered my pool info, then clicked on "Miner Status" tab, but it wouldn't change, stayed on "Miner Configuration" tab. That's when I knew something serious was wrong. Tried reinstalling the firmware, everything. Nothing changed, and my pool wasn't reporting any workers from those machines.

Will give an update tomorrow. Thank you all for your help. Much appreciated. Also going to get to know Awesomeminer tomorrow. May need help with learning how to SSH into the machine, so I can troubleshoot better next time.

On another note, put my two new D3's online the other day. What a disappointment to find out where we're at with X11 right now. Nothing like it was when I ordered those machines a couple months ago :(
Elphamyto
Member
**
Offline Offline

Activity: 117
Merit: 16


View Profile
November 29, 2017, 02:34:17 PM
 #13

If you want to try and manually force the miner configuration (pool / worker / password) here are the steps. If something on the controller is corrupt then this may not work. This is only a last resort. I'm assuming you aren't familiar with nix shells from what you said in your first post.

You'll need to ssh into the miner. If you aren't working from a linux or mac, you'll need Cygwin or some other way of running a bash-like shell.
The username is root and the password is admin (unless you have changed the password)
Code:
ssh root@192.168.1.55
*enter password*

Change to the config directory
Code:
cd /config

Stop bmminer
Code:
/etc/init.d/bmminer.sh stop > /dev/null 2>&1

Change permissions on bmminer.conf so we can edit it manually
Code:
chmod 600 bmminer.conf

Edit the file using vi
Code:
vi bmminer.conf

Use arrow buttons to go to where you edit text, press "i" and edit the text. If you get stuck using vi just google it. Unfortunately there isn't any other editor installed. When you are done editing the pool and worker info, press escape, then colon and type "wq" (which means write changes and quit vi) and enter.

Change permissions back to original state on bmminer.conf
Code:
chmod 400 bmminer.conf

Start bmminer
Code:
/etc/init.d/bmminer.sh start > /dev/null 2>&1


See if this gets your pools and workers back
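
An added example, not code posted by anyone in this thread: once the config is readable over SSH, a quick audit can flag pool URLs or worker names that are not yours, which is how this hijack showed itself. It assumes bmminer.conf is cgminer-style JSON with "url" and "user" keys; the pool host, account prefix and sample config are constructed placeholders.

```shell
#!/bin/sh
# Added example. Assumption: bmminer.conf is cgminer-style JSON whose pool
# entries carry "url" and "user" string keys.

# conf_values KEY FILE: print each string value of KEY, one per line.
conf_values() {
    grep -o "\"$1\"[[:space:]]*:[[:space:]]*\"[^\"]*\"" "$2" |
        sed 's/^[^:]*:[[:space:]]*"//; s/"$//'
}

# pool_host URL: strip scheme, port and path, leaving the bare host.
pool_host() {
    printf '%s\n' "$1" | sed 's|^[a-zA-Z0-9+.-]*://||; s|[:/].*$||'
}

# audit_conf FILE USER_PREFIX ALLOWED_HOST...
# Prints every pool URL or worker name that is not yours; returns 1 if any.
audit_conf() {
    conf=$1; prefix=$2; shift 2
    bad=0
    while read -r url; do
        if [ -z "$url" ]; then continue; fi
        host=$(pool_host "$url"); ok=0
        for allowed in "$@"; do
            if [ "$host" = "$allowed" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then echo "UNEXPECTED POOL: $url"; bad=1; fi
    done <<EOF
$(conf_values url "$conf")
EOF
    while read -r user; do
        case $user in
            ""|"$prefix"*) ;;
            *) echo "UNEXPECTED WORKER: $user"; bad=1 ;;
        esac
    done <<EOF
$(conf_values user "$conf")
EOF
    return "$bad"
}

# Constructed sample: one legitimate pool, one entry like the hijack described.
sample=$(mktemp)
cat > "$sample" <<'EOF'
{ "pools" : [
{ "url" : "stratum+tcp://pool.example.net:3333", "user" : "myaccount.s9a", "pass" : "x" },
{ "url" : "stratum+tcp://unknown.example.org:443", "user" : "XX00.S9", "pass" : "x" }
], "api-listen" : true }
EOF
audit_conf "$sample" "myaccount." pool.example.net || echo "config needs review"
rm -f "$sample"
```

On the miner itself the call would be `audit_conf /config/bmminer.conf` followed by your own account prefix and pool hosts. A clean result only covers the config file; it says nothing about whether the firmware was altered.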
MauiDave (OP)
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
November 29, 2017, 05:08:44 PM
 #14

That's perfect. Thank you. I know just enough coding to be dangerous.

As of this morning, it looks like the reset I did with the IP reporter button worked, however I'm not sure if it completely allowed the firmware reinstall to take. Here's the kernel version. Can anyone tell me if this is correct? It doesn't to me, which means there's still something left on there:

Kernel Version   Linux 3.14.0-xilinx-gb190cb0-dirty #57 SMP PREEMPT Fri Dec 9 14:49:22 CST 2016

If that's not the correct version, and reinstalling the firmware can't change it, is there a way to ssh into it and change it, or does it mean a new controller board?

Thanks.

D
lightfoot
Legendary
*
Offline Offline

Activity: 3080
Merit: 2228


I fix broken miners. And make holes in teeth :-)


View Profile
November 29, 2017, 05:53:05 PM
 #15

Glad to hear you got it back under control; sounds like the hard reset reloads the OS from a safe region in memory. Good to know.

Still wondering how it happened: If the machines are on public IP addresses then the answer is simple: Someone found them and rolled around. If they are on private (192 or 10 addresses) then that's unusual; how did outside people get into them.

Recommend strong passwords on the boxes till you figure it out.

C
Elphamyto
Member
**
Offline Offline

Activity: 117
Merit: 16


View Profile
November 30, 2017, 04:15:59 AM
 #16

That's perfect. Thank you. I know just enough coding to be dangerous.

As of this morning, it looks like the reset I did with the IP reporter button worked, however I'm not sure if it completely allowed the firmware reinstall to take. Here's the kernel version. Can anyone tell me if this is correct? It doesn't to me, which means there's still something left on there:

Kernel Version   Linux 3.14.0-xilinx-gb190cb0-dirty #57 SMP PREEMPT Fri Dec 9 14:49:22 CST 2016

If that's not the correct version, and reinstalling the firmware can't change it, is there a way to ssh into it and change it, or does it mean a new controller board?

Thanks.

D

That looks like the correct kernel, but know that the kernel version and firmware version are two different things.
Firmware is listed below Kernel Version as "File System Version."

Did you see that Bitmain has a package to fix S9 firmware update https://shop.bitmain.com/support.htm?pid=007201611260753443104jm60Q6L0639
I've never had to use this but apparently it's an issue for the S9.


 
JohnnyDoeTheSecond
Newbie
*
Offline Offline

Activity: 24
Merit: 0


View Profile
January 05, 2018, 04:40:39 AM
 #17

Antminer rejects every attempt at cleaning up kernel with updates no matter WHAT I try it with, including the "clean up the mess that happened when you tried to update and it wouldn't" version they have on their site.

The miner just will. Not. Accept. Any. Fixes.

how can I check what the config bin file is or where?

And again, how do I do an SD card reflash? It violently rejects any attempts at reflashing the firmware via the "you have been hacked and this is the web interface you get now, sucker" interface.
JohnnyDoeTheSecond
Newbie
*
Offline Offline

Activity: 24
Merit: 0


View Profile
January 05, 2018, 04:45:20 AM
 #18

SD card should do it; if someone had root access on the boxes they could have lobotomized things like the upgrade firmware section.


YUP

But how do you do an SD card thing?
philipma1957
Legendary
*
Offline Offline

Activity: 4102
Merit: 7717


'The right to privacy matters'


View Profile WWW
January 05, 2018, 05:02:32 AM
 #19

Antminer rejects every attempt at cleaning up kernel with updates no matter WHAT I try it with, including the "clean up the mess that happened when you tried to update and it wouldn't" version they have on their site.

The miner just will. Not. Accept. Any. Fixes.

how can I check what the config bin file is or where?

And again, how do I do an SD card reflash? It violently rejects any attempts at reflashing the firmware via the "you have been hacked and this is the web interface you get now, sucker" interface.

I have a few miners with two boards.

I also have a few spare controllers.

Where do you live?

USA New Jersey

Is my location close to you?

lightfoot
Legendary
*
Offline Offline

Activity: 3080
Merit: 2228


I fix broken miners. And make holes in teeth :-)


View Profile
January 05, 2018, 06:04:08 PM
 #20

I also have a few spare controllers.

Where do you live?

USA New Jersey

Is my location close to you?
Spare controller would be the quickest way to do it. Once you're online I'd be happy to take a look at the hacked one and figure out how to restore it. Would be a nice little side project (like the porting of the KNC Titan code to beaglebones. That helped a lot)