
Topic: Antbleed: A remote shutdown backdoor in antminers - page 8. (Read 8124 times)

legendary
Activity: 2590
Merit: 3015
Welt Am Draht
So if I understood it correctly, Bitmain has a remote kill-switch (effectively, since they can brick the machines with the firmware change) on 70% of hashrate? Fantastic. What are we supposed to do now, other than change the PoW algo immediately?

It looks like it can be blocked with a change of code. And it also looks like it's an old feature named Minerlink that was never put into action but left there to fester. That's giving the benefit of the doubt of course. Regardless, leaving a gaping hole like that isn't doing anyone any favours.
legendary
Activity: 1204
Merit: 1028
So if I understood it correctly, Bitmain has a remote kill-switch (effectively, since they can brick the machines with the firmware change) on 70% of hashrate? Fantastic. What are we supposed to do now, other than change the PoW algo immediately? Core Devs should be having a meeting with non-Bitmain miners right now proposing a roadmap to change the algo and leave Bitmain isolated. I don't think even the BU camp is stupid enough to keep supporting Jihan and his rigged miners anymore.

Anything but open source mining machines should be totally banned from the network. Ideally we should go back to 1cpu=1miner with a new PoW, but how do we guarantee that we will not end up like this again? At least we'll set a precedent I guess.

Anyway, I hope Core Devs are already on this like I said before. We can't go any longer than a week sitting under explosives.
sr. member
Activity: 462
Merit: 263
The devil is in the detail.
First ol'Jihan says SegWit is good code but he has to oppose it at all costs with no real justifiable reason and then his fucking backdoor comes to light!

This fuckturd is trying to destroy Bitcoin. When will people wake up!
staff
Activity: 3458
Merit: 6793
Just writing some code
This is something I was wondering about. Considering that they have the potential to shut down hardware I would be surprised if there wasn't the possibility for them to start bricking hardware as well. I hope that Antminer gets this fixed, but it sure as hell might cause issues for a lot of people using their hardware if this doesn't start to get fixed quickly. Constant shutdowns and restarts aren't something that a miner wants to deal with a lot of the time, and a bricked piece of hardware is definitely not something they want.
There seems to be an exploit where you can send it more data than it is expecting and thus write into memory that you shouldn't, thus allowing for a remote code execution exploit.

Edit: That is actually not exploitable. However, Bitmain supposedly has a way to reflash firmware remotely: https://www.reddit.com/r/Bitcoin/comments/67qwqv/antbleed_exposing_the_malicious_backdoor_on/dgsk6cf/
legendary
Activity: 1218
Merit: 1007
Quote
Antbleed is a backdoor introduced by Bitmain into the firmware of their bitcoin mining hardware Antminer.

The firmware checks-in with a central service randomly every 1 to 11 minutes. Each check-in transmits the Antminer serial number, MAC address and IP address. Bitmain can use this check-in data to cross check against customer sales and delivery records making it personally identifiable. The remote service can then return "false" which will stop the miner from mining.

Read http://www.antbleed.com/ for more info

The shutdown backdoor has been independently tested by multiple people.
So we know that the backdoor allows for there to be a false shutdown command sent to miners, is there any idea what other kinds of exploits are possible off of this, beyond some potential shenanigans happening with miner's hardware?

I'm looking through it and I'm not seeing anything that says anything about further potential implications of this bug. I don't believe it would be possible to take remote control of the hardware through this, would it?

I'm reading that they could also do a remote reflash of the firmware and potentially brick the hardware.
This is something I was wondering about. Considering that they have the potential to shut down hardware I would be surprised if there wasn't the possibility for them to start bricking hardware as well. I hope that Antminer gets this fixed, but it sure as hell might cause issues for a lot of people using their hardware if this doesn't start to get fixed quickly. Constant shutdowns and restarts aren't something that a miner wants to deal with a lot of the time, and a bricked piece of hardware is definitely not something they want.
hero member
Activity: 2814
Merit: 911
Have Fun )@@( Stay Safe
The shutdown backdoor has been independently tested by multiple people.
So this means that they can literally shut down any miners at will using their hardware, which is really scary, and with the scaling debate going on they could literally shut down any miners and reach a consensus, and if that is the case I hope the patch works by upgrading the firmware, but even an upgrade could mess things up. This is the fruits of monopoly and nothing can be done against it, which is ridiculous.
newbie
Activity: 5
Merit: 0
Quote
Antbleed is a backdoor introduced by Bitmain into the firmware of their bitcoin mining hardware Antminer.

The firmware checks-in with a central service randomly every 1 to 11 minutes. Each check-in transmits the Antminer serial number, MAC address and IP address. Bitmain can use this check-in data to cross check against customer sales and delivery records making it personally identifiable. The remote service can then return "false" which will stop the miner from mining.

Read http://www.antbleed.com/ for more info

The shutdown backdoor has been independently tested by multiple people.
So we know that the backdoor allows for there to be a false shutdown command sent to miners, is there any idea what other kinds of exploits are possible off of this, beyond some potential shenanigans happening with miner's hardware?

I'm looking through it and I'm not seeing anything that says anything about further potential implications of this bug. I don't believe it would be possible to take remote control of the hardware through this, would it?

I'm reading that they could also do a remote reflash of the firmware and potentially brick the hardware.
legendary
Activity: 1218
Merit: 1007
Quote
Antbleed is a backdoor introduced by Bitmain into the firmware of their bitcoin mining hardware Antminer.

The firmware checks-in with a central service randomly every 1 to 11 minutes. Each check-in transmits the Antminer serial number, MAC address and IP address. Bitmain can use this check-in data to cross check against customer sales and delivery records making it personally identifiable. The remote service can then return "false" which will stop the miner from mining.

Read http://www.antbleed.com/ for more info

The shutdown backdoor has been independently tested by multiple people.
So we know that the backdoor allows for there to be a false shutdown command sent to miners, is there any idea what other kinds of exploits are possible off of this, beyond some potential shenanigans happening with miner's hardware?

I'm looking through it and I'm not seeing anything that says anything about further potential implications of this bug. I don't believe it would be possible to take remote control of the hardware through this, would it?
legendary
Activity: 2590
Merit: 3015
Welt Am Draht
What's more interesting is that anyone can brick them according to this -

https://www.reddit.com/r/Bitcoin/comments/67qwqv/antbleed_exposing_the_malicious_backdoor_on/dgsk6cf/

staff
Activity: 3458
Merit: 6793
Just writing some code
Quote
Antbleed is a backdoor introduced by Bitmain into the firmware of their bitcoin mining hardware Antminer.

The firmware checks-in with a central service randomly every 1 to 11 minutes. Each check-in transmits the Antminer serial number, MAC address and IP address. Bitmain can use this check-in data to cross check against customer sales and delivery records making it personally identifiable. The remote service can then return "false" which will stop the miner from mining.

Read http://www.antbleed.com/ for more info

The shutdown backdoor has been independently tested by multiple people.

Edit:

I have analyzed the code and I have determined how this is happening and most likely why it was put there.
First, let's start with the how. The firmware will spawn a thread which calls the send_mac function which, as the name implies, sends data about the machine to the AUTH_URL auth.minerlink.com. The device then will attempt to receive data from the server and check if the response is false. If it is, the function returns true which sets the stop_mining global variable to be true.

When that variable is true, in the temperature checking thread, it will set the status_error global variable to true. That will then tell the work update function to not send out jobs so it is no longer mining.



Now for the why.

Bitmain previously was going to launch a service called Minerlink. This service never launched, but it was intended to get the "real-time miner status remotely". There is probably a feature that allows you to make sure that the only miners submitting work for you are your miners, hence the need for an auth url. It is also possible that another feature was to allow you to remotely stop a machine from mining if it were misbehaving. This would explain why this code was put there in the first place. However, since minerlink does not exist, this functionality is now a liability and should have been removed long ago.
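
An added example, not part of the original post or of Bitmain's firmware: a small audit script an operator could run over resolver logs to see which devices still look up the auth.minerlink.com check-in host and whether their query spacing fits the 1 to 11 minute timer described above. The log format, the sample lines, the function name `find_checkins` and the idea that a loopback answer means the name has been sinkholed locally are all assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

AUTH_HOST = "auth.minerlink.com"   # check-in host named in the post
MIN_GAP, MAX_GAP = 60, 11 * 60     # "randomly every 1 to 11 minutes"

# Constructed sample resolver log: timestamp, client, queried name, answer.
SAMPLE_LOG = """\
2017-04-27T10:00:05 192.0.2.10 auth.minerlink.com 198.51.100.7
2017-04-27T10:03:40 192.0.2.10 auth.minerlink.com 198.51.100.7
2017-04-27T10:04:00 192.0.2.30 pool.example.net 203.0.113.9
2017-04-27T10:12:10 192.0.2.10 auth.minerlink.com 198.51.100.7
2017-04-27T10:01:00 192.0.2.20 AUTH.MINERLINK.COM. 127.0.0.1
2017-04-27T10:07:30 192.0.2.20 auth.minerlink.com 127.0.0.1
malformed line
"""

def find_checkins(log_text):
    """Return {client_ip: report} for every client that resolved AUTH_HOST."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        ts, client, qname, answer = parts
        if qname.lower().rstrip(".") != AUTH_HOST:
            continue
        try:
            hit = (datetime.fromisoformat(ts), ipaddress.ip_address(answer))
        except ValueError:
            continue  # unparsable timestamp or answer address
        seen[client].append(hit)
    report = {}
    for client, hits in seen.items():
        hits.sort(key=lambda h: h[0])
        gaps = [int((b[0] - a[0]).total_seconds()) for a, b in zip(hits, hits[1:])]
        report[client] = {
            "queries": len(hits),
            "gaps_s": gaps,
            # every gap inside the window is consistent with the described timer
            "matches_timer": bool(gaps) and all(MIN_GAP <= g <= MAX_GAP for g in gaps),
            # assumption: a loopback answer means the name is sinkholed locally
            "reachable": any(not addr.is_loopback for _, addr in hits),
        }
    return report

if __name__ == "__main__":
    for client, info in sorted(find_checkins(SAMPLE_LOG).items()):
        print(client, info)
```

A client reported with `reachable` set to true is still getting a routable answer for the check-in host, so a "false" reply from that service could still stop it from mining.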