Author Topic: Antminer Hack S9 /S15 / S17 / Sx aso. SSH and so on for free  (Read 3023 times)
fubly
June 05, 2019, 12:22:47 AM
Last edit: July 10, 2019, 10:20:54 PM by fubly
Merited by thierry4wd (2), OgNasty (1), hugeblack (1), Artemis3 (1)
 #1

HACK FIRMWARE and SSH and EXPLOIT for free

FIRMWARE

Code:
vi /www/pages/cgi-bin/upgrade.cgi

  • remove line 45,46,46,48,49,50,51,52,77,78 (move with up and press d to remove a line. 77 and 78 are the last fi on that function)
  • press ESC : wq
  • open your antminer website and upload whatever you want

SSH on any Antminer

Code:
dropbearkey -t rsa -f /config/dropbear_rsa_host_key -y

  • reboot -f
  • power off your antminer
  • disconnect ftdi
  • power on
  • login via ssh as usual

EXPLOIT Antminer (not only S15 or 17)

The exploit uses a security issue in Lighttpd!

  • research yourself
  • if you use Kali Linux search for XSS, Lighttpd, remote execution
  • It's hard to find but not impossible!
  • do not spend a cent on this exploit, use the above instructions
  • if you have found the script use dos2linux to convert the script (it's a Win script)
  • the code to execute is: dropbearkey -t rsa -f /config/dropbear_rsa_host_key -y
  • Why? Because if you set a new dropbearkey the ssh service will start by itself

Stop PMing me if you will not PM your real name to me!

Hint: It also works above 1.4.32

PassThePopcorn
June 05, 2019, 02:00:59 PM
 #2

Do you know the pinout for the FTDI to connect it to the miner? Or would any console cable work?
https://www.amazon.com/dp/B07MY6F8TP/
cfbtcman
June 26, 2019, 05:07:18 PM
 #3

I have everything but it doesn't work. What is one supposed to use as a terminal to log in, PuTTY or CoolTerm?
Do we need to connect power to the databoard or not?
Artemis3
July 04, 2019, 12:42:27 AM
 #4

I have everything but it doesn't work. What is one supposed to use as a terminal to log in, PuTTY or CoolTerm?
Do we need to connect power to the databoard or not?

Power the controller, no need for hashboards.
This is a serial link, an old-fashioned method you may not be familiar with depending on your age, so use a serial terminal, not an ssh client; forget PuTTY.

If you do it correctly you should get a prompt when you plug the cable and hit enter; probably login and password.

cfbtcman
July 05, 2019, 01:41:17 AM
Last edit: July 06, 2019, 03:55:37 AM by frodocooper
 #5

PuTTY can use a serial terminal too, but I use CoolTerm and I can't get anything.
Why is there no connection scheme? Can someone post some pictures of the connection scheme?
Artemis3
July 05, 2019, 01:39:15 PM
Last edit: July 06, 2019, 03:55:53 AM by frodocooper
 #6

Why? Did you make the cable yourself? Just search online for FTDI USB cable pinout... I believe it involves a chip, due to USB, unless you want to make a direct RJ45 to serial cable, which I happen to have, lol. Cisco switches and such use them in both the true serial and USB variants that go into an RJ45 jack and serial/USB on the other side. Oh, if you are using a true serial port, make sure it's enabled in the BIOS. Some BIOSes are set to "auto" and won't turn it on if nothing is plugged in at boot.

I haven't touched PuTTY in over a decade, but if it can do true serial then it's a matter of picking the right port and speed parameters (115kbps 8,n,1).
If unsure test the program with something else if you have anything that still connects via serial (such as the aforementioned router, or an old fashioned pc).

s3binator
July 07, 2019, 09:53:34 PM
 #7

For the exploit, I searched and tried the few exploits on exploit-db. I haven't found anything that's a Windows script. The others didn't seem to work (they were for older versions than lighttpd 1.4.32, which is what's on the newest firmware). Has anyone else had more luck?

Thanks
cfbtcman
July 10, 2019, 06:32:05 AM
 #8

Why? Did you make the cable yourself? Just search online for FTDI USB cable pinout... I believe it involves a chip, due to USB, unless you want to make a direct RJ45 to serial cable, which I happen to have, lol. Cisco switches and such use them in both the true serial and USB variants that go into an RJ45 jack and serial/USB on the other side. Oh, if you are using a true serial port, make sure it's enabled in the BIOS. Some BIOSes are set to "auto" and won't turn it on if nothing is plugged in at boot.

I haven't touched PuTTY in over a decade, but if it can do true serial then it's a matter of picking the right port and speed parameters (115kbps 8,n,1).
If unsure test the program with something else if you have anything that still connects via serial (such as the aforementioned router, or an old fashioned pc).

I already bought a USB to RJ45 cable on Amazon, but like I told you, nothing works.
Are the connections on the RJ45 or on board points like old JTAGs?
Artemis3
July 10, 2019, 12:56:10 PM
 #9

I already bought a USB to RJ45 cable on Amazon, but like I told you, nothing works.
Are the connections on the RJ45 or on board points like old JTAGs?

Both apparently. I did see the 3 pin header on S9s, but this may vary with controller model/revision.

fubly
July 10, 2019, 10:03:35 PM
 #10

I have everything but it doesn't work. What is one supposed to use as a terminal to log in, PuTTY or CoolTerm?
Do we need to connect power to the databoard or not?

see the first post (edited today)!

cfbtcman
July 14, 2019, 09:28:58 PM
Last edit: July 15, 2019, 03:42:28 AM by frodocooper
 #11

Both apparently. I did see the 3 pin header on S9s, but this may vary with controller model/revision.

Both? If both, where is the diagram for the board connections?
This post seems like a joke!

see the first post (edited today)!

This sounds like an enigma. Why not do this as if it were for very stupid people?
Put some pictures of the connections, or a video on YouTube, why not?
bruiser
July 15, 2019, 10:22:25 AM
 #12

Or you can do it without buying any tools: https://asicseer.com/page/security-restoring-ssh

We released it for free. If you like the tool, try ASICseer itself.
Artemis3
July 15, 2019, 02:54:39 PM
Last edit: July 16, 2019, 03:48:05 AM by frodocooper
Merited by frodocooper (5)
 #13

[...]

Why? Have you never done serial? You just need 3 wires: TXD, RXD and GND, which correspond to pins 2, 3 and 5 in a standard DB-9 plug. You might need to swap TXD and RXD if you got it wrong. Don't ask me about USB because that's a whole new can of worms.

To clarify in case you somehow got it wrong: You can use either port, the RJ45 or the 3 pin header, for serial communications. "Both" should work... Using an RJ45 for serial communications is old. The port knows when you plug this type of cable in instead of Ethernet on devices with serial; there is nothing special about this. But in addition there happens to be a 3 pin header that appears to be the same. Just ignore the 3 pin header if you don't get it.

RJ-45 Pin | Signal | DB-9 Pin | Signal
1         | RTS    | 8        | CTS
2         | DTR    | 6        | DSR
3         | TXD    | 2        | RXD
4         | GND    | 5        | GND
6         | RXD    | 3        | TXD
7         | DSR    | 4        | DTR
8         | CTS    | 7        | RTS

https://www.juniper.net/documentation/en_US/release-independent/junos/topics/reference/specifications/port-rj45-db9-adapter-pinout.html

You could wire them all if you are bothered with hardware flow control, but my Cisco-made cable didn't bother. I don't think they use it (CTS/RTS) anyway, or the data ready pins.

tim-bc
July 22, 2019, 07:20:20 PM
 #14

Or you can do it without buying any tools: https://asicseer.com/page/security-restoring-ssh

We released it for free. If you like the tool, try ASICseer itself.

This tool doesn't work, I've already tried it, others have too with no luck.

Also asicseer has devfee and some of the devs / leaders are bcash proponents

darkv0rt3x
July 23, 2019, 07:05:04 PM
 #15

What are the advantages of performing this hack? What can we do with it that cannot be done without it?

s3binator
July 24, 2019, 11:40:47 PM
Merited by frodocooper (3), OgNasty (1)
 #16

What are the advantages of performing this hack? What can we do with it that cannot be done without it?

The newest Bitmain firmware disables ssh on boot, therefore you can not ssh into the machines. It's not a big deal if you have a few machines, but there are many farms out there with hundreds or thousands of miners that automate configuration and reboots using software; this new firmware removes that ability.

They quote "security", but it's bologna. Why not give the end user a choice to turn ssh on or off through the portal? Any end user with a couple of machines can turn ssh off, and farms that tunnel through firewalls can leave it on, our choice. They are purposely making larger mining operations' lives harder to get an upper hand.
darkv0rt3x
July 25, 2019, 12:54:56 PM
Last edit: July 26, 2019, 03:29:56 AM by frodocooper
 #17

Ah ok. I got it. Absolutely agreed. There's no point in avoiding SSH connections because sooner or later someone will make it happen one way or another.

What about the exploit? What can one do with it?

tim-bc
July 25, 2019, 08:15:47 PM
 #18

The newest Bitmain firmware disables ssh on boot, therefore you can not ssh into the machines. It's not a big deal if you have a few machines, but there are many farms out there with hundreds or thousands of miners that automate configuration and reboots using software; this new firmware removes that ability.

They quote "security", but it's bologna. Why not give the end user a choice to turn ssh on or off through the portal? Any end user with a couple of machines can turn ssh off, and farms that tunnel through firewalls can leave it on, our choice. They are purposely making larger mining operations' lives harder to get an upper hand.

You can do all necessary configurations, get kernel logs, do reboots etc. all through the cgi pages on the web portal. It is actually much faster than SSH on these miners because they always sit for a few seconds before you can connect via ssh.

Large mining operations can easily have someone tweak their scripts and how they do configurations. However, inexperienced and smaller users who are clueless could easily get an ssh virus if any infected miners or control boards are put on the same network.

Artemis3
July 25, 2019, 11:32:38 PM
Last edit: July 26, 2019, 03:31:11 AM by frodocooper
Merited by frodocooper (2)
 #19

You can do all necessary configurations, get kernel logs, do reboots etc. all through the cgi pages on the web portal. It is actually much faster than SSH on these miners because they always sit for a few seconds before you can connect via ssh.

Large mining operations can easily have someone tweak their scripts and how they do configurations. However, inexperienced and smaller users who are clueless could easily get an ssh virus if any infected miners or control boards are put on the same network.

This is not true and it probably means your LAN or your computer aren't performing properly, or you are using PuTTY or some bloated Windows client rather than proper OpenSSH from a proper operating system.

The other reason most people want ssh access is to enable the other API controls that require editing some text file. There are also diagnostics and the multitude of things you can do from a proper Linux box, as these controllers actually are, such as network debugging and configuration. I have often changed DNS via ssh, which from the UI requires a reboot, which is a travesty.

And yes there are the people using scripts to automate things, why not? You can do the whole thing without ever looking at the web UI. How are you seriously going to say that a web UI is faster than a text console? It is an order of magnitude slower, simply by data transferred alone, let's ignore web browser rendering... Have I seen Bitmain miners with the web UI stuck that are actually still mining? Yes I have...

s3binator is right, the alleged "security" thing is bologna, and yes, a simple UI option would at least give the owner a choice, but they don't care. Want security? Start with setting a proper password, then remove all Windows computers from your mining LAN, which is how 90% of the malware gets in.

darkv0rt3x
July 26, 2019, 09:32:35 PM
 #20

Hum, ok. I've learnt more in the last few posts here than from the thread instructions themselves.

I use Linux at home by default and I like the advantages of not having to deal with the constant bugs and errors of Windows-based systems and applications. I absolutely agree with the problem of 90% or more of malware spreading mostly through Windows machines. Nothing like a terminal to avoid a ton of problems!

I like the idea of it being possible to access miners through an SSH connection. If I get a miner in my hands, I'll try to do everything via terminal!

Thanks
DarkV
