Inno A9 Zmaster login issue, falling

[1mck]

check with Innosilicon for firmware to flash onto SD-card and howto restore factory settings !

BUT...

Could it be that someone hijacked the calls from web browser.
perhaps it's in the router or something with redirection or so?

when you get login page.
if you rightclick and choose "view source" it should look like this:

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name="theme-color" content="#000000"><link rel="manifest" href="/manifest.json"><link rel="shortcut icon" href="/favicon.ico"><link rel="stylesheet" href="css/bootstrap.min.css"><link rel="stylesheet" href="css/fontawesome-all.min.css"><link rel="stylesheet" href="google_fonts/font.css"><title>AsicMiner</title><link href="/static/css/main.1a23456b.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div><script src="js/jquery.min.js"></script><script src="js/bootstrap.min.js"></script><script></script><script type="text/javascript" src="/static/js/main.a12bcde3.js"></script></body></html>



PS. I have changed the numbers and letters in these two files:
main.1a23456b.css

and
main.a12bcde3.js


BUT other then numbers and letters in those 2 filenames you SHOULD get exactly the same as above and nothing else at login page!

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name="theme-color" content="#000000"><link rel="manifest" href="/manifest.json"><link rel="shortcut icon" href="/favicon.ico"><link rel="stylesheet" href="css/bootstrap.min.css"><link rel="stylesheet" href="css/fontawesome-all.min.css"><link rel="stylesheet" href="google_fonts/font.css"><title>AsicMiner</title><link href="/static/css/main.7f78466b.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div><script src="js/jquery.min.js"></script><script src="js/bootstrap.min.js"></script><script></script><script type="text/javascript" src="/static/js/main.a82afcc3.js"></script></body></html>

[imine2]

check with Innosilicon for firmware to flash onto SD-card and howto restore factory settings !

BUT...

Could it be that someone hijacked the calls from web browser.
perhaps it's in the router or something with redirection or so?

when you get login page.
if you rightclick and choose "view source" it should look like this:

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name="theme-color" content="#000000"><link rel="manifest" href="/manifest.json"><link rel="shortcut icon" href="/favicon.ico"><link rel="stylesheet" href="css/bootstrap.min.css"><link rel="stylesheet" href="css/fontawesome-all.min.css"><link rel="stylesheet" href="google_fonts/font.css"><title>AsicMiner</title><link href="/static/css/main.1a23456b.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div><script src="js/jquery.min.js"></script><script src="js/bootstrap.min.js"></script><script></script><script type="text/javascript" src="/static/js/main.a12bcde3.js"></script></body></html>



PS. I have changed the numbers and letters in these two files:
main.1a23456b.css

and
main.a12bcde3.js


BUT other then numbers and letters in those 2 filenames you SHOULD get exactly the same as above and nothing else at login page!

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name="theme-color" content="#000000"><link rel="manifest" href="/manifest.json"><link rel="shortcut icon" href="/favicon.ico"><link rel="stylesheet" href="css/bootstrap.min.css"><link rel="stylesheet" href="css/fontawesome-all.min.css"><link rel="stylesheet" href="google_fonts/font.css"><title>AsicMiner</title><link href="/static/css/main.7f78466b.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div><script src="js/jquery.min.js"></script><script src="js/bootstrap.min.js"></script><script></script><script type="text/javascript" src="/static/js/main.a82afcc3.js"></script></body></html>

IDENTICAL ! ! !

Even the two files I changed had exactly same name!!!

[1mck]

What it means?

[imine2]

Here are some guys who seems to know howto communicate with the A9

https://bitcointalk.org/index.php?topic=4432819.msg44021424#msg44021424



Could you NOT login via SSH ?
via Winscp ?

What does it say ?

If you use IP report I think you only reset IP to :
https://bitdadmining.com/how-to-find-asic-miner-ip-address
"Innosilicon Miner:
The defaut of all Innosilicon miner IP address is: 192.168.1.254
Make sure the IP address of your router is 192.168.1.1. if not, you need to change the IP address of your router to 192.168.1.1
Make sure there are no other devices confict with the miner IP: 192.168.1.254.
You can change the IP address after login to control panel (defaut password to change pool, wallet or IP: 12345678)"

(PS. Don't think default password correct in instructions. think password: admin for user: admin)

[imine2]

What it means?

Means that code on the page OK and doesn't explain why it freeze after you press "Login" !

[imine2]

with your consent I will try with WinSCP on port 22 on that ip-address that you had in the picture ?
do you give your consent ?

[1mck]

with your consent I will try with WinSCP on port 22 on that ip-address that you had in the picture ?
do you give your consent ?

yes, try it please, for questions above I answer tommorow, iam on phone now.. Both say me access denied.. Can you pm me ur Skype for faster communication?

[imine2]

with your consent I will try with WinSCP on port 22 on that ip-address that you had in the picture ?
do you give your consent ?

yes, try it please, for questions above I answer tommorow, iam on phone now.. Both say me access denied.. Can you pm me ur Skype for faster communication?

OK!
will report findings!

don't have skype or anything like that!
i'm quite Oldschool  and  I live in Europe

[1mck]

Ok, iam from Europe too 

[imine2]

It doesn't accept password: blacksheepwall for user: root on port 22
Seems like somehow the password been changed ! ? !

When I try web browser and try login as user: guest with password: guest it "freeze up" and doesn't go further.

Portscan over Internet against your IP with Netscanner64.exe from https://www.mitec.cz/netscan.html :
Port 1 to 65535 both TCP and UDP gives :
21 TCP (FTP)
22 TCP (SSH)
80 TCP (HTTP)
554 TCP (RTSP)
4028 TCP (DTServer)
7070 TCP (ARCP)
8001 TCP (VCOM Tunnel)

I did NOT find this :5355 TCP (LLMNR)


Portscan, local against a working A9 in my home network with Netscanner64.exe from https://www.mitec.cz/netscan.html
Port 1 to 65535 both TCP and UDP gives :
22 TCP (SSH)
80 TCP (HTTP)
4028 TCP (DTServer)
5355 TCP (LLMNR)
8001 TCP (VCOM Tunnel)


The result I beleive shows that someone hijacked your 5 A9's.

I guess it's somekind of "devfee" the hijacker takes from you between 20.00-23.30

You should absolutly contact Innosilicon and demand a solution which is quick and easy for you without any costs.
Instructions plus SD-card with firmware-image to make factory restore.

Instructions howto change password for user root ! ! !

The information in this thread should be enough information for them together with the hijackers ZEC-address !
ZEC-address: t1VN9EjK1hWLBmcQuA6hGzhaVohFrnVihDk and your machine probably nr 31304

Since your machine nr 31304 you could also ask about what classaction lawsuit aginst Innosilicon could cost them if they object !?

I hope this will help you to get a fast solution.

Please update about solution

[1mck]

Ok, I send them this discussion too. Is Sunday, nobody talk with me, I must wait.

Do you think Hw factory reset will not help? I do not know if I have an SD card slot - the hole is, but probably empty. When I go there, I'll look at it.

[imine2]

Ok, I send them this discussion too. Is Sunday, nobody talk with me, I must wait.

Do you think Hw factory reset will not help? I do not know if I have an SD card slot - the hole is, but probably empty. When I go there, I'll look at it.

A9 in my home network has SD card slot.

If anything should work it should be Hw factory reset.
And especially with a SD card.

There is no SD card in the slot already so I presume the slot is placed there to be able to make "Factory restore from firmware image on SD card".

Perhaps they can send you NEW controllerboard units for the five A9's and you send the old one's back as a Warranty repair.

Ask them!

If anyone in this forum reads this and have a better answer PLEASE give it here ! ! !

[1mck]

So I got physically there. HW factory reset via IP button fortunately works - the hole on sd card comes to me that it is empty. After reset stock login works, so I upgraded fw and tried to log in through root ssh and it works too.. public ip I changed to local, rather than changing the root password. I'll see in the 20:00 what happen.. I hope there was no hidden hack or something...

BTW Innosilicon - the worst support in the world, nothing and nobody helped me, only the bullshit about the engineers looking at it, etc.. the response crazy, the answers out of the way and very simple, solved the shit!!! through the teamviewer they only tried what I wrote 1000X to them that they could not, did not come up with any solution, they did not mind me, they were reluctant to provide information how to upload fw from sd card, etc etc...

[imine2]

So I got physically there. HW factory reset via IP button fortunately works - the hole on sd card comes to me that it is empty. After reset stock login works, so I upgraded fw and tried to log in through root ssh and it works too.. public ip I changed to local, rather than changing the root password. I'll see in the 20:00 what happen.. I hope there was no hidden hack or something...

BTW Innosilicon - the worst support in the world, nothing and nobody helped me, only the bullshit about the engineers looking at it, etc.. the response crazy, the answers out of the way and very simple, solved the shit!!! through the teamviewer they only tried what I wrote 1000X to them that they could not, did not come up with any solution, they did not mind me, they were reluctant to provide information how to upload fw from sd card, etc etc...

Great to hear that problem solved !

I think you should contact the moderator and ask if it's possible with a warning thread for this "hostage" "kidnapping" of asics.

there you can describe the problems and HOWTO hardware restore to factory settings together with warning of the problem when using Public IP-address.

Now after you gotten problem fixed then perhaps you can do a portscan against them.
Scan one every day so with rotation scheme you will get each scanned every 5th day.
Then you will get indication of problem if ports open up that should be closed.

Best of luck ! ! !

[1mck]

Ou talk with me english please  , its too complicated for me..

HW factory reset we can find in inno manual - Press IP button for +- 8 sec..

So will see how long will asics stable - i waiting for 20:00 

[imine2]

Ou talk with me english please  , its too complicated for me..

HW factory reset we can find in inno manual - Press IP button for +- 8 sec..

So will see how long will asics stable - i waiting for 20:00 

If problem after 20:00 do portscan.
If problem after 20:00 but ok login then do factory restore from web interface and see if problem solved !?

If hijacked I believe it would show on a portscan if same hijacker.

Fingers crossed !

[fanatic26_]

1. I have a public IP address assigned to my miners (they are in external "warehouse" of IT company), so that I can remotely manage them but after a while the logon stops functioning.. Maybe few days working well.. Even did not help HW reset, shutdown, power on, etc.. The login page is loaded but after clicking on login nothing is happening but miners obviously minning when I check them on the pool page, BUT - point 2

You have miners facing the internet, OF COURSE YOU GOT HACKED. Thats about the dumbest possible thing you can do. Miners run precompiled tiny versionf of linux that are never updated or patched. Any vunerability in the code will be there forever. The fact that you put these onto public internet IPs blows my mind. There is literally not a worse choice you could have made than this. I would never trust those miners again without replacing the controllers themselves now that they are infected.

[1mck]

For first, thank you for help!

Second, ofc everyone is smart now.

Third, chill out, it's not your miners.. It isn't something like personal folder, photos.. Somebody hacked me, and what? Now it's everything OK, miners work for me, IP hidden.

[imine2]

1. I have a public IP address assigned to my miners (they are in external "warehouse" of IT company), so that I can remotely manage them but after a while the logon stops functioning.. Maybe few days working well.. Even did not help HW reset, shutdown, power on, etc.. The login page is loaded but after clicking on login nothing is happening but miners obviously minning when I check them on the pool page, BUT - point 2

You have miners facing the internet, OF COURSE YOU GOT HACKED. Thats about the dumbest possible thing you can do. Miners run precompiled tiny versionf of linux that are never updated or patched. Any vunerability in the code will be there forever. The fact that you put these onto public internet IPs blows my mind. There is literally not a worse choice you could have made than this. I would never trust those miners again without replacing the controllers themselves now that they are infected.

You are so right!
Everything on the Internet is hacked Public IP or not!

I don't think it's a coincidense that there are so many bugs all the time or that there are so many critical endpoints on the Internet that are hacked so easily and running systems that never get updated and therefore guarantees that those in power have their backdoors.

I would call it conspiracy FACTS because if it wasn't a conspiracy all code and hardware would be mathamatically proven and inplemented as such a long time ago ! ! !

Most often it's the Five Eyes, Mossad, Russia, The nameless China Intelligence Agency thanks to all implanted backdoors in all "Made in China" hardware thanks to Deep State and the Globalists who run the world and moved all production to Asia.

Then you have every company, government, organisations and almost EVERYONE WW who willingly share their data to third parties for money/power/influence/beeing naive/or whatever and everyone else are hacked and have their data stolen.

But I guess you never been a newbie ?
I guess you never made any mistakes ?

If you think for one moment that your systems NOT are compromised in a way that thoose in power actually could get or already have all the information they need from you / want about you; then I would say you are naive !

And by the way, thanks for all the help you gave him, NOT !

Nothing personal, but perhaps you should be more helpful and less of what you shown here

[imine2]

For first, thank you for help!

Second, ofc everyone is smart now.

Third, chill out, it's not your miners.. It isn't something like personal folder, photos.. Somebody hacked me, and what? Now it's everything OK, miners work for me, IP hidden.

Great that everything works and only things needed was a hardware reset + having IP's hidden to fix it.

Fingers crossed that it will stay like that !

About how long did you have the A9's running with public IP before they got hacked ?