Bitcoin Forum
October 18, 2019, 05:22:45 AM *
News: Latest Bitcoin Core release: 0.18.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2]  All
  Print  
Author Topic: Antminer Hack S9 /S15 / S17 / Sx aso. SSH and so on for free  (Read 1312 times)
cfbtcman
Member
**
Offline Offline

Activity: 237
Merit: 12


View Profile
July 27, 2019, 07:24:01 AM
Last edit: July 29, 2019, 01:22:23 AM by frodocooper
 #21

Or you can do it without buying any tools: https://asicseer.com/page/security-restoring-ssh

We released it for free. If you like the tool, try ASICseer itself Smiley

This is just for S9, we are talking about S15/S17, solutions for that?

You can do all necessary configurations, get kernel logs, do reboots etc. all through the cgi pages on the web portal. It is actually much faster than SSH on these miners because they always sit for a few seconds before you can connect via ssh.

Large mining operations can easily have someone to tweak their scripts and how they do configurations. However, unexperienced and smaller users who are clueless could easily get an ssh virus if any infected miners or control boards are put on the same network.

Tim, in a S15 you can easily overclocking it to do 33TH and oficially it just do 28TH its a big difference and Bitmain dont allow people to do it with web interface.

Why? Have you never done serial? [...]

I have done serial in past, but new computers uses USB, i have a USB to RS232 adapter and worked always fine in things i need, but this time i have one USB to RJ45 and program detects well but dont do nothing!

Do you have one working? I can pay for one that works, you can post a video doing it and showing it?
1571376165
Hero Member
*
Offline Offline

Posts: 1571376165

View Profile Personal Message (Offline)

Ignore
1571376165
Reply with quote  #2

1571376165
Report to moderator
1571376165
Hero Member
*
Offline Offline

Posts: 1571376165

View Profile Personal Message (Offline)

Ignore
1571376165
Reply with quote  #2

1571376165
Report to moderator
1571376165
Hero Member
*
Offline Offline

Posts: 1571376165

View Profile Personal Message (Offline)

Ignore
1571376165
Reply with quote  #2

1571376165
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1571376165
Hero Member
*
Offline Offline

Posts: 1571376165

View Profile Personal Message (Offline)

Ignore
1571376165
Reply with quote  #2

1571376165
Report to moderator
1571376165
Hero Member
*
Offline Offline

Posts: 1571376165

View Profile Personal Message (Offline)

Ignore
1571376165
Reply with quote  #2

1571376165
Report to moderator
1571376165
Hero Member
*
Offline Offline

Posts: 1571376165

View Profile Personal Message (Offline)

Ignore
1571376165
Reply with quote  #2

1571376165
Report to moderator
supersonic
Full Member
***
Offline Offline

Activity: 188
Merit: 100



View Profile
August 11, 2019, 03:47:42 PM
Last edit: August 11, 2019, 11:19:07 PM by frodocooper
 #22

Power the controller, no need for hashboards.
This is a serial link, old fashioned method you may not be familiar with depending on your age, so use a serial terminal, not ssh client; forget putty.

If you do it correctly you should get a prompt when you plug the cable and hit enter; probably login and password.

It works either through putty or cooltherm, problem i had was when prompted for login, i couldnt type anything, tho led light was blinking on controller when i tried.

Nice from far but far from nice
Artemis3
Sr. Member
****
Offline Offline

Activity: 434
Merit: 638


★777Coin.com★ Fun BTC Casino!


View Profile WWW
August 12, 2019, 06:01:33 PM
Last edit: August 13, 2019, 02:13:06 AM by frodocooper
 #23

That sounds like your terminal has the wrong echo configuration. I am not exactly sure how good something like putty is for serial communications as i have never ever tried it for that. Anyway whatever terminal you use, try to find out how to change the echo configuration so it shows the characters you are sending instead of waiting for remote to send them back.

cfbtcman
Member
**
Offline Offline

Activity: 237
Merit: 12


View Profile
August 13, 2019, 03:28:13 AM
Last edit: August 13, 2019, 11:01:49 AM by frodocooper
 #24

Artemis, this is a post just to try to make Bitmain thinks there is solution?

I ask this because the only guys that say they can open SSH they ask a lot of money in bitcoin and they say just work with >100 units and they dont give solutions for free!

In this conditions i have the solution too, i can pass my BTC address to anybody that wants to pay!!!!

Here we have ppl saying the pinout of FTDI needs to be connected to RJ45 port?!!!!!! I never saw that in all my life!

I spoke with some guys that say there is special points in board to make the connections, here nobody prints pictures of a scheme or a link to youtube, so, this is real or just another myth?

Have you already tried and worked or have any other guy here tried and worked that can post a real scheme with real pictures or youtube video?

P.S,- There is some guys that are trying since the beginning of the year to get funds in bitcoin to pay to White Rabbit post solution that is supposed to be the creator of exploit and they still trying to collect more money, so for me this seems just a fake, can someone prove i am wrong?
bommachine
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
August 13, 2019, 08:42:52 AM
Last edit: August 13, 2019, 11:02:24 AM by frodocooper
 #25

Has anyone tried the instructions in the following link?

https://forum.hiveos.farm/t/antminer-s17-t17-support/12415
It’s based on a lighthttpd exploit on firmware version 0527 which is longer available to download.

If anyone has this firmware could they share with us so we can test.

Another method I’m going to try is to change the firmware myself and then reupload, but not sure that will work.
fubly
Hero Member
*****
Offline Offline

Activity: 555
Merit: 517


Trustless IceColdWallet


View Profile WWW
August 13, 2019, 10:22:57 AM
 #26

New hint:
this exploit will not work, wrong parameters in curl, will only work on already opened firmware.

There is no create_log_backup.cgi, just on very old ones create_conf_backup.cgi. So it's the wrong CGI file to inject the code!
Good luck, and note nothing is for free.

each time you send a transaction don't forget to use a new address, each time you receive one also!
bommachine
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
August 13, 2019, 11:17:57 AM
 #27

Cool I’ve got copies of the old firmware so I’ll test. Once I know the version of lighthttpd it will be quite easy to find the appropriate exploit if it does exist.
Artemis3
Sr. Member
****
Offline Offline

Activity: 434
Merit: 638


★777Coin.com★ Fun BTC Casino!


View Profile WWW
August 13, 2019, 10:50:46 PM
 #28

Artemis, this is a post just to try to make Bitmain thinks there is solution?

If i were you, i would use the sdcard method and be done with it. Don't ask me about the newer units as i haven't touched one (yet).

DrHyed
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
August 14, 2019, 10:19:14 PM
 #29

Ive been tryng to downgrade the firmwear my T9+ for about a week and Im having no luck. The board will not take a sd card flash no matter what I try, I am not technical enough to truly dig in to the firmware (though I did try for about 1.5 days...) so I bought a ftdi but Im not having any luck with it either. I have cooltherm and the ft232 drivers installed and the pin outs connected correctly to the t9+ board and ftdi but I am not prompted to log in when I open cooltherm or plug the ftdi into the computer or press the connect button inside cooltherm. I have the baud rate at 115000, the miner board is powered up, what am I missing? How do I make the ftdi and miner board talk? Im assuming once they are communicating I can modify the bin file (or whatever its called specifically) via cooltherm and then upgrade/downgrade out of the ssh version of the firmwear thats on my board at the moment? Sorry for all the questions, ill get this newb knocked off me soon I promise!

Thank You
Jay
BitMaxz
Legendary
*
Offline Offline

Activity: 1582
Merit: 1252


Beware on fake ledger nano, trezor and electrum.


View Profile WWW
August 14, 2019, 11:42:29 PM
 #30

Ive been tryng to downgrade the firmwear my T9+ for about a week and Im having no luck. The board will not take a sd card flash no matter what I try, I am not technical enough to truly dig in to the firmware (though I did try for about 1.5 days...) so I bought a ftdi but Im not having any luck with it either. I have cooltherm and the ft232 drivers installed and the pin outs connected correctly to the t9+ board and ftdi but I am not prompted to log in when I open cooltherm or plug the ftdi into the computer or press the connect button inside cooltherm. I have the baud rate at 115000, the miner board is powered up, what am I missing? How do I make the ftdi and miner board talk? Im assuming once they are communicating I can modify the bin file (or whatever its called specifically) via cooltherm and then upgrade/downgrade out of the ssh version of the firmwear thats on my board at the moment? Sorry for all the questions, ill get this newb knocked off me soon I promise!

How about the jumper? Did you know that you need to move the jp4 jumper before you flash the miner.
Check this guide on how to flash the antminer t9+ with SD card from here "T9+ Control Board Program Recovery"

About FTDI I think this tool is only for old ASIC miner.
Check this thread from here https://bitcointalk.org/index.php?topic=831601.0

cfbtcman
Member
**
Offline Offline

Activity: 237
Merit: 12


View Profile
August 15, 2019, 01:27:23 AM
Last edit: August 16, 2019, 03:53:08 AM by frodocooper
 #31

If i were you, i would use the sdcard method and be done with it. Don't ask me about the newer units as i haven't touched one (yet).

I think there is no solution yet to boot with SDCARD in a S15 machine.



New hint:
this exploit will not work, wrong parameters in curl, will only work on already opened firmware.

There is no create_log_backup.cgi, just on very old ones create_conf_backup.cgi. So it's the wrong CGI file to inject the code!
Good luck, and note nothing is for free.

If nothing is for free these post makes no sense!
There is many things free in this life like air, sunlight, rain...

Ok, even if we need to pay it, someone have the contact of someone that can unlock machines remotly for a fair price?

If everybody could unlock and overclock machines the hashrate would grow up, without hashrate going up, bitcoin cant go up, all we want bitcoin going up, so teoretically the guys that have the solution could post the solution and they could earn in bitcoin valorization, the problem is that guys are very smart in somethings but not so smart in another.

If i had the solution i would post for everybody.
supersonic
Full Member
***
Offline Offline

Activity: 188
Merit: 100



View Profile
August 21, 2019, 07:17:17 AM
 #32

That sounds like your terminal has the wrong echo configuration. I am not exactly sure how good something like putty is for serial communications as i have never ever tried it for that. Anyway whatever terminal you use, try to find out how to change the echo configuration so it shows the characters you are sending instead of waiting for remote to send them back.
Well, no wonder i couldnt do anything - my ftdi was broken. I got another and everything is working as intended.

Nice from far but far from nice
tim-bc
Full Member
***
Offline Offline

Activity: 490
Merit: 140


View Profile
August 21, 2019, 10:42:25 PM
Last edit: August 21, 2019, 11:18:45 PM by frodocooper
 #33

Tim, in a S15 you can easily overclocking it to do 33TH and oficially it just do 28TH its a big difference and Bitmain dont allow people to do it with web interface.

I agree that's a huge issue.. unfortunately there is no S15 firmware that allows for ssh, we should at least have the choice to use ssh if needed.

I don't have any S15 yet, might want to contact Alex as it seems he's got ssh working on his S15? https://www.youtube.com/watch?v=UJv6rrUNU60.

Ignore scammers on Skype, Telegram, etc. I will only ever contact you via forum PMs. See profile for fingerprint.
cfbtcman
Member
**
Offline Offline

Activity: 237
Merit: 12


View Profile
August 22, 2019, 11:09:15 PM
Last edit: August 22, 2019, 11:26:01 PM by frodocooper
 #34

I agree that's a huge issue.. unfortunately there is no S15 firmware that allows for ssh, we should at least have the choice to use ssh if needed.

I don't have any S15 yet, might want to contact Alex as it seems he's got ssh working on his S15? https://www.youtube.com/watch?v=UJv6rrUNU60.

I contacted some guys some that say they could do it but in the end nothing!
Wanted money in bitcoin a huge quantity and the ones that asked little money and said could do it remotly never have done it, even with my agree to pay it.

Well, no wonder i couldnt do anything - my ftdi was broken. I got another and everything is working as intended.

So, can you post some video/pictures of all the process like diagram connections etc ?
Artemis3
Sr. Member
****
Offline Offline

Activity: 434
Merit: 638


★777Coin.com★ Fun BTC Casino!


View Profile WWW
August 24, 2019, 07:22:15 PM
Last edit: August 26, 2019, 01:37:41 AM by frodocooper
 #35

Well, no wonder i couldnt do anything - my ftdi was broken. I got another and everything is working as intended.

Well there is always that... I guess we all have to have a tester around just in case, tho i'm not sure how that would work with the usb variant the plain serial version is easy to test. Of course there is always the "dumb" serial to usb adapter which can be separate from a "dumb" serial to lan port.

Glad it worked for you in the end.

bommachine
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
August 29, 2019, 01:28:44 PM
Last edit: August 30, 2019, 04:20:39 AM by frodocooper
 #36

Hi all,

I managed to unlock a new S17 antimner to run SSH.
If you are running light http 14.3.2 it will work. If I get enough requests I will do a medium post to show how it's done.

In a nutshell the SSH service that ant miner has installed is called dropbear and is automatically re-activated if you manage to create a SSH key.
This version of light http allow you to create files directly on the system.
cfbtcman
Member
**
Offline Offline

Activity: 237
Merit: 12


View Profile
September 02, 2019, 02:49:14 AM
Last edit: September 03, 2019, 02:14:23 AM by frodocooper
Merited by frodocooper (3)
 #37

Hi all,

I managed to unlock a new S17 antimner to run SSH.
If you are running light http 14.3.2 it will work. If I get enough requests I will do a medium post to show how it's done.

In a nutshell the SSH service that ant miner has installed is called dropbear and is automatically re-activated if you manage to create a SSH key.
This version of light http allow you to create files directly on the system.

Hi, how can we know the lighttpd version?



New idea to hack S15 and S17 machines...

It seems Bitmain uses a MD5 check to watch if file is OK like you can see in this example of runme.sh script:

Code:
if [ -e uramdisk.image.gz ]; then
    md5=`md5sum uramdisk.image.gz | awk {'print $1'}`
    md5_r=`cat md5_info`
    if [ $md5 == $md5_r ];then
flash_erase /dev/mtd1 0x0 0x100 >/dev/null 2>&1
nandwrite -p -s 0x0 /dev/mtd1 uramdisk.image.gz >/dev/null 2>&1
if [ -e /dev/mtd4 ]; then
flash_erase /dev/mtd4 0x0 0x100 >/dev/null 2>&1
nandwrite -p -s 0x0 /dev/mtd4 uramdisk.image.gz >/dev/null 2>&1
fi

After calculates the md5sums in the file "fileinfo":

Code:
131e5abc56aedc8bb2aa5e32747ea0bd  md5_info
5775f1b099dbaf88bb0a09e95123efda  uramdisk.image.gz
8a9d791d493c3cb249a3aba8118f1b7d  BOOT.bin
56dc397d0ffbe15164998bc38366e69e  runme.sh

They made a new file "fileinfo.sig" with signature of them inside based in that md5sum.

So after some investigation i discovered this in wikipedia:

The weaknesses of MD5 have been exploited in the field, most infamously by the Flame malware in 2012. The CMU Software Engineering Institute considers MD5 essentially "cryptographically broken and unsuitable for further use".

So, if we change a runme.sh to run commands to open ssh like creating a dropbear file with ssh key ( its seems dropbear auto-activates if have some ssh key in config folder) and we could generate the same md5sum = 56dc397d0ffbe15164998bc38366e69e we can brake this easily !

Any ideas about how to do that hack in MD5? With this solution we can generate one image for everybody installs.
thierry4wd
Member
**
Offline Offline

Activity: 154
Merit: 70


View Profile
September 16, 2019, 08:55:28 PM
Last edit: September 17, 2019, 12:59:40 AM by frodocooper
 #38

Hi , i try this methode, but not work ...

I connected my FTDI by "RX" + "TX" + "GND" on FTDI and Antminer controler (for test is S9 controler)
I powered my controler, connected my ftdi to computer, and run coolterm (on win XP)
On coolterm, the command send with success, the green led on FDTI flash on send command, but no back :s

all help are welcome !!!  Grin

http://www.noelshack.com/2019-37-6-1568478681-20190914-182318.jpg



So ! now connect as success !

on controler booting, automatique send me a boot sequence (same page to kernel log on web page miner) , not need authentificate, is auto connect on serial !

For wire diagram, is good, but just Swap "RX" and "TX" ... ("GND" is optional ? working whitout... i don't know what)



I work for this ... is good idea working hand in hand  Tongue ? why not ?

I test to send command, but absolut no reponce ... because my miner is not operational ? not fan and not hashboard, the booting is not complet ? i don't know ... just try it soon Wink
Artemis3
Sr. Member
****
Offline Offline

Activity: 434
Merit: 638


★777Coin.com★ Fun BTC Casino!


View Profile WWW
September 16, 2019, 10:04:27 PM
 #39

So ! now connect as success !

on controler booting, automatique send me a boot sequence (same page to kernel log on web page miner) , not need authentificate, is auto connect on serial !

For wire diagram, is good, but just Swap "RX" and "TX" ... ("GND" is optional ? working whitout... i don't know what)

Yes its "optional", but use it...

And yes, given two identical serial ports, to connect to each other you have to swap tx and rx, this used to be called "null modem". AND, until gigabit LAN, to connect two nics together you were supposed to do the same thing with the two pairs it uses 12, 36, also called "crossover".

(The thing with gigabit lan is that it auto swaps the pairs, and in addition 45 and 78 are also used and swapped when needed, and it even corrects mistakes).

thierry4wd
Member
**
Offline Offline

Activity: 154
Merit: 70


View Profile
September 19, 2019, 03:32:18 PM
 #40

Update , Weldone ! SSH Run again on latest firmware !

The Fubly tuto is good !!! but missing litle information  Grin  no help for me so just search it by yourself  Grin
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!