psycodad
Legendary
Offline
Activity: 1672
Merit: 1885
精神分析的爸
|
|
March 10, 2016, 12:57:53 PM |
|
In my understanding it means that if the application compiled against the vulnerable glibc does a gethostbyname() call it can be owned. Now since a miner typically resolves the IP of the pool it wants to connect to, the miner might be pretty easy to attack as you can relatively easy predict that it will resolve its pool sooner or later. It is unclear to my understanding if the DNS server your miner uses would discard an actual malformed answer that would trigger the vulnerability.
The firewall you have in front of your miners doesn't help anything here (except you have it locked down so much, that the miner only can connect to the pools ip and port, else the attacker just launches a reverse shell with nc or whatever is en vogue right now. So theoretically you could just remove any DNS servers from your Pi (echo "" > /etc/resolv.conf) and instead of the name of your pool, add the IP of the pool in the web frontend (and hope your pool doesn't switch providers or whatever could make a change of IP necessary).
Other than that running "apt-get update; apt-get upgrade" and waiting for a new miner binary to be released there is not much we Terminator operators can do right now. Let's hope this will be before real exploits are being published. AFAIK there are currently only 2 PoC exploits in the wild which make it unlikely that the the average Terminator out there is targeted but that might change quickly once there is for example a module for metasploit.
True I can see that, for some reason I had not though about send a download and run type thing. I was looking, I see the vulnerability for glibc but not really for eglibc, guess going to have to make a test bench somehow eglibc is equally affected from the problem as far as I can judge: i.e.: http://www.ubuntu.com/usn/usn-2485-1/I am not that into coding and software as I would like. Do I read it correctly that because I have build the cgminer builds on the raspberry pi and not under Ubuntu that the builds are not vulnerable?? Most advisories only talk about glibc, but I am pretty confident all previous versions of eglibc were vulnerable (no matter if ubuntu or debian): https://www.debian.org/security/2016/dsa-3480If you still have your build system available, just apt-get upgrade it and then make the binary again, that should be sufficient (eventually a make clean would be advisable before). Could you explain what make does in detail? Does it include the glib-code (or parts of it) in the output or only links to the relevant things? If it does the latter, then would it not be sufficient to only upgrade the system and the previously compiled results then would point to the upgraded, non-vulnerable version? Good point, I am not expert enough to answer this. To my knowlegde if eglibc has not been linked statically then this could be enough (= if -static was not used for building).
|
|
|
|
felix73
|
|
March 20, 2016, 05:24:40 AM |
|
someone tried v5? It does not work for me. I can not find A2 on the network ..
im us advanced ip scanner.
and twice downloaded iso
need ISo for new a 2 -12 CHIPS 1380 MGZ
|
|
|
|
emdje (OP)
|
|
March 20, 2016, 08:36:58 AM |
|
someone tried v5? It does not work for me. I can not find A2 on the network ..
im us advanced ip scanner.
and twice downloaded iso
need ISo for new a 2 -12 CHIPS 1380 MGZ
Try logging into your router and look at the connected devices. When I need to find my A2 I just login to my router and see the raspberry pi connected to it. I never have any issues finding my A2 with any of the software versions.
|
|
|
|
emdje (OP)
|
|
March 20, 2016, 08:49:53 AM |
|
I just ordered an A2 Mega from ZoomHash and it should be here tomorrow. I am completely new to this miner and I saw the title to this thread about under and overclocking the A2. I would be interested in cranking mine down so that is runs cooler and uses less power. Is this image compatible with the A2 Mega? What is the slowest speed we can run these and be stable? Any recommendations you might have would be greatly appreciated!
Providing that you can provide a stable power source, and keep the chip cool, it will run stable from 400MHz (5Mhash per 8 chip board) to 1500MHz (18.6 Mhash per 8 chip board). If you want to overclock the chips beyond 1200MHz, increase the voltage to .92, or as one user suggest even to 1 volt. Somewhere in this thread I describe how you can overvolt (or undervolt in the same way) your board. If you significantly want to go under the 1200MHz you can undervolt your board. I have no experience with that though as to how low with which clock frequencies you can go.
|
|
|
|
felix73
|
|
March 20, 2016, 11:36:29 AM |
|
someone tried v5? It does not work for me. I can not find A2 on the network ..
im us advanced ip scanner.
and twice downloaded iso
need ISo for new a 2 -12 CHIPS 1380 MGZ
Try logging into your router and look at the connected devices. When I need to find my A2 I just login to my router and see the raspberry pi connected to it. I never have any issues finding my A2 with any of the software versions. im logging into router not present a2 device software v5.0 -working,,,,,,,,,? ? what ip in v 5.0 dhcp,?
|
|
|
|
emdje (OP)
|
|
March 20, 2016, 12:41:05 PM |
|
someone tried v5? It does not work for me. I can not find A2 on the network ..
im us advanced ip scanner.
and twice downloaded iso
need ISo for new a 2 -12 CHIPS 1380 MGZ
Try logging into your router and look at the connected devices. When I need to find my A2 I just login to my router and see the raspberry pi connected to it. I never have any issues finding my A2 with any of the software versions. im logging into router not present a2 device software v5.0 -working,,,,,,,,,? ? what ip in v 5.0 dhcp,? Yes DHCP for the IP. But what do you mean with your other question, could you post a screenshot of your router page?
|
|
|
|
felix73
|
|
March 20, 2016, 02:06:45 PM |
|
not avileble a2 ..... v2, 3, 4, working well! v5 not working im download ISO v5 and write win32disc imiger to sd Not working v5.... pls help
|
|
|
|
emdje (OP)
|
|
March 20, 2016, 02:50:35 PM |
|
How is your A2 connected to the network? Cable or wifi? Wifi obviously requires setting up with cable access to the pi. If cable, how is it routed? directly to the router, through a switch? Is the cable still good? What are the lights on the board doing, blinking first and then just burning?
I am in the middle of moving, but I will download the ISO (instead of using the one on my computer), burn it freshly and check if it works out of the box in the comming days. If there are issues I will try and adress them.
If you have another SD card you can always just plug in the v4, if that seems to work for you.
|
|
|
|
felix73
|
|
March 20, 2016, 03:29:18 PM Last edit: March 20, 2016, 04:23:52 PM by felix73 |
|
im connected by cabel im download v 4 and write to sd -work well and download v 5 and write-not work im need v 5.0 for 12 chip board emdje pls download v5.0 and write to sd ,and try to start V5.0..... version you upload https://mega.nz/#!rIdCwaYI!eh55V6G3eAWILmRJbXZA__gzSQcsBePByxpIqEr4cyU not working. Please check it and upload it again
|
|
|
|
emdje (OP)
|
|
March 20, 2016, 04:23:09 PM |
|
In your photo I see the raspberry pi led's. But I meant the led's on the hashing boards.
You say that you need it for a 12 chip board. Are you currently trying to use the v5.0 software on that, or on a regular board?
I will try the software in the comming days none the less.
|
|
|
|
CartmanSPC
Legendary
Offline
Activity: 1270
Merit: 1000
|
|
March 20, 2016, 10:11:04 PM |
|
I am in the middle of moving, but I will download the ISO (instead of using the one on my computer), burn it freshly and check if it works out of the box in the comming days. If there are issues I will try and adress them.
If you have another SD card you can always just plug in the v4, if that seems to work for you.
emdje, I too was never able to get v5 working. Reverted to v4. Tried two different SD cards. Didn't report since it appeared others were successful. felix, I would recommend trying v4 to see if you can get that one working.
|
|
|
|
emdje (OP)
|
|
March 20, 2016, 10:24:08 PM |
|
I am in the middle of moving, but I will download the ISO (instead of using the one on my computer), burn it freshly and check if it works out of the box in the comming days. If there are issues I will try and adress them.
If you have another SD card you can always just plug in the v4, if that seems to work for you.
emdje, I too was never able to get v5 working. Reverted to v4. Tried two different SD cards. Didn't report since it appeared others were successful. felix, I would recommend trying v4 to see if you can get that one working. Thank you for pointing that out. No I most certainly will have another look at it in the next comming days.
|
|
|
|
felix73
|
|
March 21, 2016, 01:15:56 AM |
|
I am in the middle of moving, but I will download the ISO (instead of using the one on my computer), burn it freshly and check if it works out of the box in the comming days. If there are issues I will try and adress them.
If you have another SD card you can always just plug in the v4, if that seems to work for you.
emdje, I too was never able to get v5 working. Reverted to v4. Tried two different SD cards. Didn't report since it appeared others were successful. felix, I would recommend trying v4 to see if you can get that one working. v4. for 8 chip im need 12 chip... im download and write to sd v4.0 this version not correctly for 12 chip board my sd card work good !!!! im try 3 pcs sd card for write v5.0 with the version 4.0 I see raspberriey in the network and with the version 5.0 is not. You understand what I wrote?
|
|
|
|
CartmanSPC
Legendary
Offline
Activity: 1270
Merit: 1000
|
|
March 21, 2016, 03:05:42 AM |
|
v4. for 8 chip
im need 12 chip...
im download and write to sd v4.0 this version not correctly for 12 chip board
my sd card work good !!!! im try 3 pcs sd card for write v5.0 with the version 4.0 I see raspberriey in the network and with the version 5.0 is not. You understand what I wrote?
Yes, I think emdje understands. Please give him a few days to check on v5. Until then you can try this one: https://bitcointalk.org/index.php?topic=1141802.0
|
|
|
|
felix73
|
|
March 21, 2016, 03:46:29 AM |
|
already I tried ANX version soft not avileble freq more 1200 mhz
|
|
|
|
ZeroGee
Member
Offline
Activity: 92
Merit: 10
|
|
March 21, 2016, 05:25:40 AM Last edit: March 21, 2016, 05:58:54 AM by ZeroGee |
|
In regards to the ANX version, you can change the speeds manually by editing /var/www/index.php. I've been using it for quite some time now. Something like this. It should be self explanatory. <tr> <td>Speed:</td> <td> <select name="speed" id="speed" onchange="showhashspeed()"> <option value="1400" <?php if ($speed==1400) echo 'selected = \"selected\"'; ?> >1400Mhz</option> <option value="1320" <?php if ($speed==1320) echo 'selected = \"selected\"'; ?> >1320Mhz</option> <option value="1300" <?php if ($speed==1300) echo 'selected = \"selected\"'; ?> >1300Mhz</option> <option value="1200" <?php if ($speed==1200) echo 'selected = \"selected\"'; ?> >1200Mhz</option> <option value="1100" <?php if ($speed==1100) echo 'selected = \"selected\"'; ?> >1100Mhz</option> <option value="1000" <?php if ($speed==1000) echo 'selected = \"selected\"'; ?> >1000Mhz</option> <option value="900" <?php if ($speed==900) echo 'selected = \"selected\"'; ?> >900 Mhz</option> <option value="800" <?php if ($speed==800) echo 'selected = \"selected\"'; ?> >800 Mhz</option> <option value="700" <?php if ($speed==700) echo 'selected = \"selected\"'; ?> >700 Mhz</option> <option value="600" <?php if ($speed==600) echo 'selected = \"selected\"'; ?> >600 Mhz</option> <option value="500" <?php if ($speed==500) echo 'selected = \"selected\"'; ?> >500 Mhz</option> </select> </td> </tr> My experience of Emdje's V5.0 usage on a A2 110MH/s 6 board, 10 chips on a 10 chip green board: It seems that V5.0 does not have DHCP enabled by default. I had to edit /etc/network/interface to connect to my network. From here I use nmap or another IP scanner on windows. auto lo iface lo inet loopback auto eth0 allow-hotplug eth0 iface eth0 inet dhcp Also, I have to perform a hard reset in order to make changes, but I'm pretty sure that's due to the hwreset issues. It seems I need to solder the hwreset pin jumper as mjgraham has suggested. I don't get any usable hashrate for more than 2 seconds. I tried combinations of --stmcu 0 and --hwreset just for fun. Nothing seems to work. In the meantime, I will have to move back to ANX's image.
|
|
|
|
mjgraham
|
|
March 21, 2016, 11:50:18 AM |
|
In regards to the ANX version, you can change the speeds manually by editing /var/www/index.php. I've been using it for quite some time now. Something like this. It should be self explanatory. <tr> <td>Speed:</td> <td> <select name="speed" id="speed" onchange="showhashspeed()"> <option value="1400" <?php if ($speed==1400) echo 'selected = \"selected\"'; ?> >1400Mhz</option> <option value="1320" <?php if ($speed==1320) echo 'selected = \"selected\"'; ?> >1320Mhz</option> <option value="1300" <?php if ($speed==1300) echo 'selected = \"selected\"'; ?> >1300Mhz</option> <option value="1200" <?php if ($speed==1200) echo 'selected = \"selected\"'; ?> >1200Mhz</option> <option value="1100" <?php if ($speed==1100) echo 'selected = \"selected\"'; ?> >1100Mhz</option> <option value="1000" <?php if ($speed==1000) echo 'selected = \"selected\"'; ?> >1000Mhz</option> <option value="900" <?php if ($speed==900) echo 'selected = \"selected\"'; ?> >900 Mhz</option> <option value="800" <?php if ($speed==800) echo 'selected = \"selected\"'; ?> >800 Mhz</option> <option value="700" <?php if ($speed==700) echo 'selected = \"selected\"'; ?> >700 Mhz</option> <option value="600" <?php if ($speed==600) echo 'selected = \"selected\"'; ?> >600 Mhz</option> <option value="500" <?php if ($speed==500) echo 'selected = \"selected\"'; ?> >500 Mhz</option> </select> </td> </tr> My experience of Emdje's V5.0 usage on a A2 110MH/s 6 board, 10 chips on a 10 chip green board: It seems that V5.0 does not have DHCP enabled by default. I had to edit /etc/network/interface to connect to my network. From here I use nmap or another IP scanner on windows. auto lo iface lo inet loopback auto eth0 allow-hotplug eth0 iface eth0 inet dhcp Also, I have to perform a hard reset in order to make changes, but I'm pretty sure that's due to the hwreset issues. It seems I need to solder the hwreset pin jumper as mjgraham has suggested. I don't get any usable hashrate for more than 2 seconds. I tried combinations of --stmcu 0 and --hwreset just for fun. Nothing seems to work. In the meantime, I will have to move back to ANX's image. Well it turns out there is another wrinkle to the hwreset thing with the 110 A2s, on the controller board they didnt even bother to finish routing all the traces to even hook them up, they started on 1-3 which they went all over the place then 4-6 go no where. Then if you do this. to go ahead and hook them up, the logic is backwards so if you use hwreset it actually disables them. I think the original 8 chip must have been built different , I know on the 12 chip blue boards I have that pin was hooked up but didn't work , it was off one pin on the uC on the has board, don't know if it was designed that way or just a screw up.
|
|
|
|
ZeroGee
Member
Offline
Activity: 92
Merit: 10
|
|
March 22, 2016, 01:16:12 AM |
|
Interesting. I did run into a problem that can be explained by such an issue. Only a few boards were able to be reset. So, with soldering the jumper on the blades and combining the pins on the controller you are able to get the hardware based reset to work on the 110s? It'll be a few days before I can tear it apart again, but that's good to know.
|
|
|
|
mjgraham
|
|
March 22, 2016, 03:52:36 AM |
|
Interesting. I did run into a problem that can be explained by such an issue. Only a few boards were able to be reset. So, with soldering the jumper on the blades and combining the pins on the controller you are able to get the hardware based reset to work on the 110s? It'll be a few days before I can tear it apart again, but that's good to know.
well not with the cgminer, as soon as you run it with --hwreset it sets that pin and it leaves it low which leaves the boards disabled , so i was just toggling the gpio pin #9 to test, i think i have about isolated the issue and might be able to help for a software fix that makes everyone happy. done a lot of spi captures today with all the different software versions , found some interesting things.
|
|
|
|
emdje (OP)
|
|
March 24, 2016, 10:44:12 AM |
|
I am in the middle of moving, but I will download the ISO (instead of using the one on my computer), burn it freshly and check if it works out of the box in the comming days. If there are issues I will try and adress them.
If you have another SD card you can always just plug in the v4, if that seems to work for you.
emdje, I too was never able to get v5 working. Reverted to v4. Tried two different SD cards. Didn't report since it appeared others were successful. felix, I would recommend trying v4 to see if you can get that one working. v4. for 8 chip im need 12 chip... im download and write to sd v4.0 this version not correctly for 12 chip board my sd card work good !!!! im try 3 pcs sd card for write v5.0 with the version 4.0 I see raspberriey in the network and with the version 5.0 is not. You understand what I wrote? I have re-downloaded my version 5.0 from the website: https://mega.nz/#!rIdCwaYI!eh55V6G3eAWILmRJbXZA__gzSQcsBePByxpIqEr4cyUBurned it to a new SD card, put it in the miner and turned it on. It showed up when I logged into the modem: It then took about 2 minutes before the miner started mining (the green lights on the hashing boards stop blinking and burn continuously) Typing the IP in the browser takes me to the controller page: Possibly the gateway is defaulted to 192.168.178.1 and the miner ip to 192.168.178.17, try that.
|
|
|
|
|