
Topic: Antminer Hack S9 /S15 / S17 / Sx aso. SSH and so on for free (Read 3300 times)

sr. member
Activity: 446
Merit: 347
19 series contain eFuse.
newbie
Activity: 9
Merit: 0
Does this still work? Will it work on an S19J Pro?

Thanks
newbie
Activity: 1
Merit: 0
Hello, please help. My S9 has a signature lock (2019), and there is a missing chip beside the SD card slot. I bought a USB-to-UART adapter from Amazon via this link. I tried connecting my S9 board: USB RX to board TX, TX to RX, then ground, and I used CoolTerm. I followed the instructions above, then powered my board and got output continuously, never stopping. I can't log in because it keeps reading/receiving from my board. Please help me unlock my S9; I have tried everything from the GUI and SD card but nothing happens. I thought the USB-to-TTL adapter was working here: https://www.amazon.com/gp/product/B00LZVEQEY/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1
hero member
Activity: 561
Merit: 517
Trustless IceColdWallet
File: /www/pages/cgi-bin/activate_ssh_again.cgi

Code:
#!/bin/sh
##############################################################################
 #category "BitCain5.com for Bitmain Antminer's "
 #package "BitCain5.com custom Firmware"
 #author Miguel Padilla
 #copyright (c) 2013 - 2021 Miguel Padilla
 #link "https://shop.zwilla.de"
 #github "https://github/zwilla"
 #twitter "https://twitter.com/mytokenwallet"
 #license: closed
##############################################################################

set -x

# Free port 22, bounce the network and avahi services, start dropbear and
# (re)launch lighttpd. These are independent steps; chaining them with pipes
# only feeds each command's stdout to the next, so they run in sequence here.
fuser -vk 22/tcp
sh /etc/init.d/network.sh
/etc/init.d/avahi restart > /dev/null
sh /etc/init.d/dropbear start
/usr/sbin/lighttpd -f /etc/lighttpd.conf

# Response page returned to the browser
cat <<-EOH
SSH is activated!

Enable SSH

If you are not redirected automatically, follow the link
EOH
exec 2>&1
exit 0
newbie
Activity: 2
Merit: 0
*****UPDATE*****

Finally I was able to get this to work.

Please DM me if you would like the solution. Not charging anything, it's just better this way.

cdmkultra, mate, I would love to get the solution you've mentioned, but you have receiving messages from "Newbie" rank blocked, so I can't contact you via PM. Please set it differently (it has to be done explicitly by checking the "Allow newbies to send you PMs." option in the Personal Message Options in your Profile settings). Or contact me via PM.
newbie
Activity: 10
Merit: 0
Thank you for the post and the help here. I followed the directions below and had a little trouble, but ultimately was able to get "almost" all of it working on an S9.

I am using the following Firmware

Code:
Miner Type           Antminer S9
Hostname             antMiner
Model                GNU/Linux
Hardware Version     30.0.1.3
Kernel Version       Linux 3.14.0-xilinx-ga36f3af-dirty #90 SMP PREEMPT Thu Jun 20 15:01:47 CST 2019
File System Version  Tue Jul 30 20:37:39 CST 2019
Logic Version        V1.3.56
BMminer Version      2.0.0

Problems I noticed:

It appears that Bitmain has taken some precautions to confuse us a bit more:

- Changed the ownership of many directories away from root
- Changed the read/write/execute permissions on certain important files (including some dropbear-related files)

Results:

After giving ownership back to root and allowing those particular dropbear files to be executed, I was able to get the RSA key created!! SUCCESS, KIND OF ;(

However, dropbear will not start and I cannot figure out why. So I was hoping that someone could give me a couple of commands to try, and I will post the results back here.



*****UPDATE*****

Finally I was able to get this to work.

Please DM me if you would like the solution. Not charging anything, it's just better this way.
newbie
Activity: 1
Merit: 0
Hi all,

I managed to unlock a new S17 Antminer to run SSH.
If you are running lighttpd 14.3.2 it will work. If I get enough requests I will do a Medium post to show how it's done.

In a nutshell, the SSH service that Antminer has installed is called dropbear, and it is automatically re-activated if you manage to create an SSH key.
This version of lighttpd allows you to create files directly on the system.

Cool!
Did you unlock the S17 with the 0524 firmware or with the latest firmware?
Could you please let us know which security issue in lighttpd is being used? Do you have the exploit or CVE number?
Thank you in advance!!!
member
Activity: 264
Merit: 16
What about the exploit file?

It seems the first exploit was just a file that exploited a bug through HTTP access. Someone sent me the file, but it gives me some error when testing. Can someone try it using a Linux computer that can run anything, even in case it could have a virus?

This is supposed to work just by running the command and giving the IP of the machine on which we want to activate SSH as a parameter. I had no success because there is some error, but other guys I passed this to get other errors. This is supposed to run on Ubuntu; can someone try it in a closed environment, in case of a virus, and give feedback?

https://gofile.io/?c=Xblcbq
newbie
Activity: 1
Merit: 0
So, all the exploits I knew of are now patched in the latest firmware. So I'm trying the FTDI method. Can I get some help here?

HACK FIRMWARE and SSH and EXPLOIT for free



I got the exact FTDI board linked here. Using an S9 for testing, but not getting any data over serial. I've tried different computers (2x Windows 10, 1x Linux running inside a VM) and different USB cables; no dice so far.

Could be my FTDI board is bad, but I want to make sure I have the setup correct:

- Does the square hole on the board correspond to DTR or GND? When I connect DTR, the control board lights up even with the PSU off.
- Are we supposed to use 3.3 V or 5 V? 3.3 V does nothing for me, but the above works on 5 V.

Any suggestions?
jr. member
Activity: 36
Merit: 5
CEO - Krater.io
Hi everyone!

I managed to log into the miner over serial. After that I created the RSA key without the -y argument, because the file didn't previously exist. That created dropbear_rsa_host_key successfully. However, upon reboot I am unable to SSH into the miner. I can SSH into the miner if I do
Code:
dropbear -r /config/dropbear_rsa_host_key -p 22
and then ssh into the miner from another computer on the network.

I started investigating and found /etc/default/dropbear and /config/dropbear. Those two files contain only a line "NO_START=1". I changed both to "NO_START=0" but it didn't work. After restarting the miner, both files show "NO_START=1" again.

I cannot for the life of me find out what other process or init script is changing those files and preventing dropbear from starting properly.

Can someone give me a hand, please?

EDIT: I tried editing /etc/init.d/bitmainer_setup.sh and commenting out all the lines referring to dropbear and the config files. Doesn't work. After reboot it goes back to the original state.

I cannot find the init script that makes that file go back to its original state, disabling the dropbear init script.
newbie
Activity: 4
Merit: 0
hero member
Activity: 561
Merit: 517
Trustless IceColdWallet
next hint:
"cam"
newbie
Activity: 4
Merit: 0
I've connected to the S15 OK. But the SSH service doesn't start after reboot. If I run it from the command line, the service starts fine.

Code:
/usr/sbin/dropbear -r /config/dropbear_rsa_host_key -p 22

How to fix that?

TNX
Kasner
sr. member
Activity: 446
Merit: 347
Update, well done! SSH runs again on the latest firmware!

The Fubly tutorial is good!!! But it is missing a little information; no help for me, so just search for it yourself.
legendary
Activity: 1988
Merit: 1561
CLEAN non GPL infringing code made in Rust lang
So! Now connected successfully!

On controller boot, it automatically sends me a boot sequence (the same as the kernel log page on the miner's web interface); no need to authenticate, it auto-connects on serial!

For the wiring diagram, it is good, but just swap "RX" and "TX"... (is "GND" optional? It works without it... I don't know why)

Yes, it's "optional", but use it...

And yes, given two identical serial ports, to connect them to each other you have to swap TX and RX; this used to be called "null modem". And, until gigabit LAN, to connect two NICs together you were supposed to do the same thing with the two pairs it uses (1-2, 3-6), also called "crossover".

(The thing with gigabit LAN is that it auto-swaps the pairs; in addition, 4-5 and 7-8 are also used and swapped when needed, and it even corrects mistakes.)
sr. member
Activity: 446
Merit: 347
Hi, I tried this method, but it doesn't work...

I connected my FTDI by "RX" + "TX" + "GND" on the FTDI and the Antminer controller (for the test it is an S9 controller)
I powered my controller, connected my FTDI to the computer, and ran CoolTerm (on Win XP)
In CoolTerm, the command is sent successfully and the green LED on the FTDI flashes when sending the command, but nothing comes back :s

All help is welcome!!!

http://www.noelshack.com/2019-37-6-1568478681-20190914-182318.jpg



So! Now connected successfully!

On controller boot, it automatically sends me a boot sequence (the same as the kernel log page on the miner's web interface); no need to authenticate, it auto-connects on serial!

For the wiring diagram, it is good, but just swap "RX" and "TX"... (is "GND" optional? It works without it... I don't know why)



I'm working on this... is it a good idea to work hand in hand? Why not?

I tested sending a command, but absolutely no response... because my miner is not operational? No fan and no hashboard, so the boot is not complete? I don't know... I'll just try it soon.
member
Activity: 264
Merit: 16
Hi all,

I managed to unlock a new S17 Antminer to run SSH.
If you are running lighttpd 14.3.2 it will work. If I get enough requests I will do a Medium post to show how it's done.

In a nutshell, the SSH service that Antminer has installed is called dropbear, and it is automatically re-activated if you manage to create an SSH key.
This version of lighttpd allows you to create files directly on the system.

Hi, how can we know the lighttpd version?



New idea to hack S15 and S17 machines...

It seems Bitmain uses an MD5 check to verify that a file is OK, as you can see in this example from the runme.sh script:

Code:
if [ -e uramdisk.image.gz ]; then
    # Compare the image's md5 against the value shipped in md5_info
    md5=`md5sum uramdisk.image.gz | awk {'print $1'}`
    md5_r=`cat md5_info`
    if [ "$md5" == "$md5_r" ]; then
        # Write the ramdisk to the primary partition...
        flash_erase /dev/mtd1 0x0 0x100 >/dev/null 2>&1
        nandwrite -p -s 0x0 /dev/mtd1 uramdisk.image.gz >/dev/null 2>&1
        # ...and to the backup partition when present
        if [ -e /dev/mtd4 ]; then
            flash_erase /dev/mtd4 0x0 0x100 >/dev/null 2>&1
            nandwrite -p -s 0x0 /dev/mtd4 uramdisk.image.gz >/dev/null 2>&1
        fi
    fi
fi

After that, it calculates the md5sums into the file "fileinfo":

Code:
131e5abc56aedc8bb2aa5e32747ea0bd  md5_info
5775f1b099dbaf88bb0a09e95123efda  uramdisk.image.gz
8a9d791d493c3cb249a3aba8118f1b7d  BOOT.bin
56dc397d0ffbe15164998bc38366e69e  runme.sh

They made a new file "fileinfo.sig" with a signature of them inside, based on that md5sum.

So after some investigation I discovered this on Wikipedia:

The weaknesses of MD5 have been exploited in the field, most infamously by the Flame malware in 2012. The CMU Software Engineering Institute considers MD5 essentially "cryptographically broken and unsuitable for further use".

So, if we change runme.sh to run commands to open SSH, like creating a dropbear file with an SSH key (it seems dropbear auto-activates if there is an SSH key in the config folder), and we could generate the same md5sum = 56dc397d0ffbe15164998bc38366e69e, we could break this easily!

Any ideas about how to do that hack on MD5? With this solution we can generate one image that everybody installs.
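The integrity scheme the post describes (a list of MD5 digests, then a signature over that list) is only as strong as the hash underneath it: MD5 collisions are practical, so two different files can carry the same digest and the signature cannot tell them apart, whereas producing a file that matches one fixed, pre-existing digest (a second preimage) is still not practical. The Python below is an added example, not the firmware's code and not the poster's: it parses the md5sum-style manifest shown above, verifies the files it lists, refuses collision-broken digests unless a legacy flag is set, and shows the hardened variant a vendor would ship, SHA-256 digests with the manifest itself authenticated. The authentication is an HMAC under a constructed key, standing in for whatever detached signature "fileinfo.sig" really carries (an assumption); the files and manifests are constructed in a temporary directory.

```python
import hashlib
import hmac
import os
import tempfile

# Digest algorithms with practical collision attacks; refused unless allow_weak=True
WEAK_ALGORITHMS = {"md5", "sha1"}


def parse_manifest(text):
    """Parse md5sum/sha256sum-style lines ('<hexdigest>  <filename>') into tuples."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError("line %d: expected '<digest> <filename>'" % lineno)
        digest, name = parts
        entries.append((digest.lower(), name.lstrip("*")))  # '*' = binary-mode marker
    return entries


def algorithm_for_digest(digest):
    """Infer the hash algorithm from the hex digest length (None if unknown)."""
    return {32: "md5", 40: "sha1", 64: "sha256"}.get(len(digest))


def hash_file(path, algorithm):
    """Stream the file through hashlib so large images need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_manifest(manifest_text, base_dir, mac_key=None, manifest_mac=None,
                    allow_weak=False):
    """Verify every file in the manifest. Returns (ok, list_of_findings).

    When mac_key is given, the manifest text must authenticate under HMAC-SHA256
    (stand-in for a detached signature) before any entry it lists is trusted.
    """
    if mac_key is not None:
        expected = hmac.new(mac_key, manifest_text.encode(), "sha256").hexdigest()
        if manifest_mac is None or not hmac.compare_digest(expected, manifest_mac):
            return False, ["manifest authentication failed; file list not trusted"]
    ok, findings = True, []
    for digest, name in parse_manifest(manifest_text):
        algorithm = algorithm_for_digest(digest)
        if algorithm is None:
            findings.append("%s: unrecognised digest length" % name)
            ok = False
            continue
        if algorithm in WEAK_ALGORITHMS and not allow_weak:
            findings.append("%s: refusing %s digest (collision-broken)" % (name, algorithm))
            ok = False
            continue
        path = os.path.join(base_dir, name)
        if not os.path.isfile(path):
            findings.append("%s: missing" % name)
            ok = False
            continue
        if not hmac.compare_digest(hash_file(path, algorithm), digest):
            findings.append("%s: %s mismatch" % (name, algorithm))
            ok = False
    return ok, findings


def demo():
    """Constructed two-file update package checked the weak way and the hardened way."""
    results = {}
    files = {  # constructed sample contents, not real firmware
        "runme.sh": b"#!/bin/sh\necho install\n",
        "uramdisk.image.gz": b"\x1f\x8b" + bytes(64),
    }
    key = b"constructed-demo-key"  # a real device would hold a verify key in the bootloader
    with tempfile.TemporaryDirectory() as d:
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        md5_manifest = "".join("%s  %s\n" % (hashlib.md5(v).hexdigest(), k) for k, v in files.items())
        sha_manifest = "".join("%s  %s\n" % (hashlib.sha256(v).hexdigest(), k) for k, v in files.items())
        mac = hmac.new(key, sha_manifest.encode(), "sha256").hexdigest()

        results["md5_refused"] = not verify_manifest(md5_manifest, d)[0]
        results["md5_legacy_ok"] = verify_manifest(md5_manifest, d, allow_weak=True)[0]
        results["sha256_signed_ok"] = verify_manifest(sha_manifest, d, key, mac)[0]

        # Modify runme.sh after the manifest was produced: digest mismatch.
        with open(os.path.join(d, "runme.sh"), "ab") as f:
            f.write(b"echo extra\n")
        results["tamper_detected"] = not verify_manifest(sha_manifest, d, key, mac)[0]

        # Rewrite the manifest to match the modified file: the MAC no longer verifies.
        forged = sha_manifest.replace(hashlib.sha256(files["runme.sh"]).hexdigest(),
                                      hash_file(os.path.join(d, "runme.sh"), "sha256"))
        results["forged_manifest_rejected"] = not verify_manifest(forged, d, key, mac)[0]
    return results


if __name__ == "__main__":
    for check, passed in demo().items():
        print("%-26s %s" % (check, "ok" if passed else "FAIL"))
```

The two pieces that matter in the hardened path are the order of checks (authenticate the list first, then hash the files) and the constant-time comparisons; the `allow_weak` flag exists only so that old md5sum-style lists can still be read, and the default is to refuse them.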
newbie
Activity: 5
Merit: 0
Hi all,

I managed to unlock a new S17 Antminer to run SSH.
If you are running lighttpd 14.3.2 it will work. If I get enough requests I will do a Medium post to show how it's done.

In a nutshell, the SSH service that Antminer has installed is called dropbear, and it is automatically re-activated if you manage to create an SSH key.
This version of lighttpd allows you to create files directly on the system.
legendary
Activity: 1988
Merit: 1561
CLEAN non GPL infringing code made in Rust lang
Well, no wonder I couldn't do anything; my FTDI was broken. I got another and everything is working as intended.

Well, there is always that... I guess we all have to have a tester around just in case, though I'm not sure how that would work with the USB variant; the plain serial version is easy to test. Of course there is always the "dumb" serial-to-USB adapter, which can be separate from a "dumb" serial-to-LAN port.

Glad it worked for you in the end.
member
Activity: 264
Merit: 16
I agree that's a huge issue... unfortunately there is no S15 firmware that allows SSH; we should at least have the choice to use SSH if needed.

I don't have any S15 yet; you might want to contact Alex, as it seems he's got SSH working on his S15? https://www.youtube.com/watch?v=UJv6rrUNU60.

I contacted some guys who said they could do it, but in the end nothing!
They wanted a huge quantity of bitcoin, and the ones that asked for little money and said they could do it remotely never did it, even after I agreed to pay.

Well, no wonder I couldn't do anything; my FTDI was broken. I got another and everything is working as intended.

So, can you post some videos/pictures of the whole process, like connection diagrams etc.?
full member
Activity: 538
Merit: 175
Tim, on an S15 you can easily overclock it to do 33TH while officially it only does 28TH; it's a big difference and Bitmain doesn't allow people to do it through the web interface.

I agree that's a huge issue... unfortunately there is no S15 firmware that allows SSH; we should at least have the choice to use SSH if needed.

I don't have any S15 yet; you might want to contact Alex, as it seems he's got SSH working on his S15? https://www.youtube.com/watch?v=UJv6rrUNU60.
full member
Activity: 195
Merit: 104
That sounds like your terminal has the wrong echo configuration. I am not exactly sure how good something like PuTTY is for serial communications, as I have never tried it for that. Anyway, whatever terminal you use, try to find out how to change the echo configuration so it shows the characters you are sending instead of waiting for the remote end to send them back.
Well, no wonder I couldn't do anything; my FTDI was broken. I got another and everything is working as intended.
member
Activity: 264
Merit: 16
If I were you, I would use the SD card method and be done with it. Don't ask me about the newer units, as I haven't touched one (yet).

I think there is no solution yet to boot from SD card on an S15 machine.



New hint:
This exploit will not work; wrong parameters in curl. It will only work on already-opened firmware.

There is no create_log_backup.cgi, only create_conf_backup.cgi on very old ones. So it's the wrong CGI file to inject the code into!
Good luck, and note nothing is for free.

If nothing is for free, these posts make no sense!
There are many free things in this life, like air, sunlight, rain...

OK, even if we need to pay for it, does someone have the contact of someone who can unlock machines remotely for a fair price?

If everybody could unlock and overclock machines, the hashrate would go up; without the hashrate going up, bitcoin can't go up, and we all want bitcoin to go up. So theoretically the guys that have the solution could post it and earn from bitcoin's appreciation; the problem is that some guys are very smart in some things but not so smart in others.

If I had the solution, I would post it for everybody.
legendary
Activity: 3206
Merit: 2904
Block halving is coming.
I've been trying to downgrade the firmware on my T9+ for about a week and I'm having no luck. The board will not take an SD card flash no matter what I try, and I am not technical enough to truly dig into the firmware (though I did try for about 1.5 days...), so I bought an FTDI but I'm not having any luck with it either. I have CoolTerm and the FT232 drivers installed and the pinouts connected correctly to the T9+ board and FTDI, but I am not prompted to log in when I open CoolTerm, plug the FTDI into the computer, or press the connect button inside CoolTerm. I have the baud rate at 115000 and the miner board is powered up; what am I missing? How do I make the FTDI and miner board talk? I'm assuming once they are communicating I can modify the bin file (or whatever it's called specifically) via CoolTerm and then upgrade/downgrade out of the SSH version of the firmware that's on my board at the moment? Sorry for all the questions, I'll get this newb knocked off me soon, I promise!

How about the jumper? Did you know that you need to move the JP4 jumper before you flash the miner?
Check this guide on how to flash the Antminer T9+ with an SD card from here: "T9+ Control Board Program Recovery"

About FTDI, I think this tool is only for old ASIC miners.
Check this thread from here: https://bitcointalksearch.org/topic/ftdi-driver-update-may-brick-some-miners-831601
newbie
Activity: 5
Merit: 0
I've been trying to downgrade the firmware on my T9+ for about a week and I'm having no luck. The board will not take an SD card flash no matter what I try, and I am not technical enough to truly dig into the firmware (though I did try for about 1.5 days...), so I bought an FTDI but I'm not having any luck with it either. I have CoolTerm and the FT232 drivers installed and the pinouts connected correctly to the T9+ board and FTDI, but I am not prompted to log in when I open CoolTerm, plug the FTDI into the computer, or press the connect button inside CoolTerm. I have the baud rate at 115000 and the miner board is powered up; what am I missing? How do I make the FTDI and miner board talk? I'm assuming once they are communicating I can modify the bin file (or whatever it's called specifically) via CoolTerm and then upgrade/downgrade out of the SSH version of the firmware that's on my board at the moment? Sorry for all the questions, I'll get this newb knocked off me soon, I promise!

Thank You
Jay
legendary
Activity: 1988
Merit: 1561
CLEAN non GPL infringing code made in Rust lang
Artemis, is this a post just to try to make Bitmain think there is a solution?

If I were you, I would use the SD card method and be done with it. Don't ask me about the newer units, as I haven't touched one (yet).
newbie
Activity: 5
Merit: 0
Cool, I've got copies of the old firmware so I'll test. Once I know the version of lighttpd it will be quite easy to find the appropriate exploit, if it does exist.
hero member
Activity: 561
Merit: 517
Trustless IceColdWallet
New hint:
This exploit will not work; wrong parameters in curl. It will only work on already-opened firmware.

There is no create_log_backup.cgi, only create_conf_backup.cgi on very old ones. So it's the wrong CGI file to inject the code into!
Good luck, and note nothing is for free.
newbie
Activity: 5
Merit: 0
Has anyone tried the instructions in the following link?

https://forum.hiveos.farm/t/antminer-s17-t17-support/12415
It's based on a lighttpd exploit on firmware version 0527, which is no longer available to download.

If anyone has this firmware, could they share it with us so we can test?

Another method I'm going to try is to change the firmware myself and then re-upload it, but I'm not sure that will work.
member
Activity: 264
Merit: 16
Artemis, is this a post just to try to make Bitmain think there is a solution?

I ask this because the only guys that say they can open SSH ask for a lot of money in bitcoin, say they only work with >100 units, and don't give solutions for free!

On those conditions I have the solution too; I can pass my BTC address to anybody that wants to pay!!!!

Here we have people saying the pinout of the FTDI needs to be connected to the RJ45 port?!!!!!! I never saw that in all my life!

I spoke with some guys who say there are special points on the board to make the connections; here nobody posts pictures of a scheme or a link to YouTube, so is this real or just another myth?

Have you already tried it and it worked, or has any other guy here tried it and it worked, who can post a real scheme with real pictures or a YouTube video?

P.S. There are some guys that have been trying since the beginning of the year to get funds in bitcoin to pay White Rabbit to post the solution, who is supposed to be the creator of the exploit, and they are still trying to collect more money. So for me this seems just a fake; can someone prove I am wrong?
legendary
Activity: 1988
Merit: 1561
CLEAN non GPL infringing code made in Rust lang
That sounds like your terminal has the wrong echo configuration. I am not exactly sure how good something like PuTTY is for serial communications, as I have never tried it for that. Anyway, whatever terminal you use, try to find out how to change the echo configuration so it shows the characters you are sending instead of waiting for the remote end to send them back.
full member
Activity: 195
Merit: 104
Power the controller; no need for hashboards.
This is a serial link, an old-fashioned method you may not be familiar with depending on your age, so use a serial terminal, not an SSH client; forget PuTTY.

If you do it correctly you should get a prompt when you plug in the cable and hit Enter; probably login and password.

It works either through PuTTY or CoolTerm; the problem I had was that when prompted for login, I couldn't type anything, though the LED was blinking on the controller when I tried.
member
Activity: 264
Merit: 16
Or you can do it without buying any tools: https://asicseer.com/page/security-restoring-ssh

We released it for free. If you like the tool, try ASICseer itself.

This is just for the S9; we are talking about S15/S17. Solutions for that?

You can do all necessary configurations, get kernel logs, do reboots etc. all through the CGI pages on the web portal. It is actually much faster than SSH on these miners because they always sit for a few seconds before you can connect via SSH.

Large mining operations can easily have someone tweak their scripts and how they do configurations. However, inexperienced and smaller users who are clueless could easily get an SSH virus if any infected miners or control boards are put on the same network.

Tim, on an S15 you can easily overclock it to do 33TH while officially it only does 28TH; it's a big difference and Bitmain doesn't allow people to do it through the web interface.

Why? Have you never done serial? [...]

I have done serial in the past, but new computers use USB. I have a USB-to-RS232 adapter that has always worked fine for the things I need, but this time I have a USB-to-RJ45 one, and the program detects it well but doesn't do anything!

Do you have one working? I can pay for one that works; can you post a video doing it and showing it?
hero member
Activity: 1176
Merit: 647
I rather die on my feet than to live on my knees
Hum, OK. I've learnt more in the last few posts here than from the thread instructions themselves.

I use Linux at home by default and I like the advantages of not having to deal with the constant bugs and errors of Windows-based systems and applications. I absolutely agree with the problem of 90% or more of malware spreading mostly through Windows machines. Nothing like a terminal to avoid a ton of problems!

I like the idea of it being possible to access miners through an SSH connection. If I get a miner in my hands, I'll try to do everything via terminal!

Thanks
DarkV
legendary
Activity: 1988
Merit: 1561
CLEAN non GPL infringing code made in Rust lang
You can do all necessary configurations, get kernel logs, do reboots etc. all through the CGI pages on the web portal. It is actually much faster than SSH on these miners because they always sit for a few seconds before you can connect via SSH.

Large mining operations can easily have someone tweak their scripts and how they do configurations. However, inexperienced and smaller users who are clueless could easily get an SSH virus if any infected miners or control boards are put on the same network.

This is not true, and it probably means your LAN or your computer isn't performing properly, or you are using PuTTY or some bloated Windows client rather than proper OpenSSH from a proper operating system.

The other reason most people want SSH access is to enable the other API controls that require editing some text file. There are also diagnostics and the multitude of things you can do from a proper Linux box, as these controllers actually are, such as network debugging and configuration. I have often changed DNS via SSH, which from the UI requires a reboot, which is a travesty.

And yes, there are people using scripts to automate things; why not? You can do the whole thing without ever looking at the web UI. How are you seriously going to say that a web UI is faster than a text console? It is an order of magnitude slower, simply by data transferred alone, let's ignore web browser rendering... Have I seen Bitmain miners with the web UI stuck that are actually still mining? Yes I have...

s3binator is right, the alleged "security" thing is baloney, and yes, a simple UI option would at least give the owner a choice, but they don't care. Want security? Start with setting a proper password, then remove all Windows computers from your mining LAN, which is how 90% of the malware gets in.
full member
Activity: 538
Merit: 175
The newest Bitmain firmware disables SSH on boot, therefore you cannot SSH into the machines. It's not a big deal if you have a few machines, but there are many farms out there with hundreds or thousands of miners that automate configuration and reboots using software; this new firmware removes that ability.

They quote "security", but it's baloney. Why not give the end user a choice to turn SSH on or off through the portal? Any end user with a couple of machines can turn SSH off, and farms that tunnel through firewalls can leave it on; our choice. They are purposely making larger mining operations' lives harder to get an upper hand.

You can do all necessary configurations, get kernel logs, do reboots etc. all through the CGI pages on the web portal. It is actually much faster than SSH on these miners because they always sit for a few seconds before you can connect via SSH.

Large mining operations can easily have someone tweak their scripts and how they do configurations. However, inexperienced and smaller users who are clueless could easily get an SSH virus if any infected miners or control boards are put on the same network.
hero member
Activity: 1176
Merit: 647
I rather die on my feet than to live on my knees
Ah ok. I got it. Absolutely agreed. There's no point in avoiding SSH connections because sooner or later someone will make it happen one way or another.

What about the exploit? What can one do with it?
newbie
Activity: 14
Merit: 16
What are the advantages of performing this hack? What can we do with it that cannot be done without it?

The newest Bitmain firmware disables SSH on boot, therefore you cannot SSH into the machines. It's not a big deal if you have a few machines, but there are many farms out there with hundreds or thousands of miners that automate configuration and reboots using software; this new firmware removes that ability.

They quote "security", but it's baloney. Why not give the end user a choice to turn SSH on or off through the portal? Any end user with a couple of machines can turn SSH off, and farms that tunnel through firewalls can leave it on; our choice. They are purposely making larger mining operations' lives harder to get an upper hand.
hero member
Activity: 1176
Merit: 647
I rather die on my feet than to live on my knees
What are the advantages of performing this hack? What can we do with it that cannot be done without it?
full member
Activity: 538
Merit: 175
Or you can do it without buying any tools: https://asicseer.com/page/security-restoring-ssh

We released it for free. If you like the tool, try ASICseer itself.
This tool doesn't work; I've already tried it, and others have too with no luck.

Also, ASICseer has a devfee and some of the devs/leaders are bcash proponents.
legendary
Activity: 1988
Merit: 1561
CLEAN non GPL infringing code made in Rust lang
[...]

Why? Have you never done serial? You just need 3 wires: TXD, RXD and GND, which correspond to pins 2, 3 and 5 in a standard DB-9 plug. You might need to swap TXD and RXD if you got it wrong. Don't ask me about USB because that's a whole new can of worms.

To clarify in case you somehow got it wrong: you can use either port, the RJ45 or the 3-pin header, for serial communications. "Both" should work... Using an RJ45 for serial communications is old. The port knows when you plug this type of cable in instead of Ethernet in devices with serial; there is nothing special about this. But in addition there happens to be a 3-pin header that appears to be the same. Just ignore the 3-pin header if you don't get it.

RJ-45 Pin   Signal   DB-9 Pin   Signal
1           RTS      8          CTS
2           DTR      6          DSR
3           TXD      2          RXD
4           GND      5          GND
6           RXD      3          TXD
7           DSR      4          DTR
8           CTS      7          RTS

https://www.juniper.net/documentation/en_US/release-independent/junos/topics/reference/specifications/port-rj45-db9-adapter-pinout.html

You could wire them all if you are bothered with hardware flow control, but my Cisco-made cable didn't bother. I don't think they use it (CTS/RTS) anyway, or the data-ready pins.
member
Activity: 68
Merit: 13
Or you can do it without buying any tools: https://asicseer.com/page/security-restoring-ssh

We released it for free. If you like the tool, try ASICseer itself.
member
Activity: 264
Merit: 16
Both, apparently. I did see the 3-pin header on S9s, but this may vary with controller model/revision.

Both? If both, where is the diagram for the board connections?
This post seems a joke!

See the first post (edited today)!

This sounds like an enigma; why not do this as if it were for very stupid people?
Put some pictures of the connections, or a video on YouTube, why not?
hero member
Activity: 561
Merit: 517
Trustless IceColdWallet
I have everything but it doesn't work; what is supposed to be used as the terminal to log in, PuTTY or CoolTerm?
Do we need to connect power to the databoard or not?

See the first post (edited today)!
legendary
Activity: 1988
Merit: 1561
CLEAN non GPL infringing code made in Rust lang
I bought a ready-made USB-to-RJ45 cable on Amazon, but as I told you, nothing works.
Are the connections on the RJ45 or on board points like old JTAGs?

Both, apparently. I did see the 3-pin header on S9s, but this may vary with controller model/revision.
member
Activity: 264
Merit: 16
Why? Did you make the cable yourself? Just search online for the FTDI USB cable pinout... I believe it involves a chip, due to USB, unless you want to make a direct RJ45-to-serial cable, which I happen to have one of, lol. Cisco switches and such use them in both the true serial and USB variants that go into an RJ45 jack and serial/USB on the other side. Oh, if you are using a true serial port, make sure it's enabled in the BIOS. Some BIOSes are set to "auto" and won't turn it on if nothing is plugged in at boot.

I haven't touched PuTTY in over a decade, but if it can do true serial then it's a matter of picking the right port and speed parameters (115 kbps, 8,N,1).
If unsure, test the program with something else, if you have anything that still connects via serial (such as the aforementioned router, or an old-fashioned PC).

I bought a ready-made USB-to-RJ45 cable on Amazon, but as I told you, nothing works.
Are the connections on the RJ45 or on board points like old JTAGs?
newbie
Activity: 14
Merit: 16
For the exploit, I searched and tried the few exploits on Exploit-DB. I haven't found anything that's a Windows script. The others didn't seem to work (they were for older versions than lighttpd 1.4.32, which is what's on the newest firmware). Has anyone else had more luck?

Thanks
legendary
Activity: 1988
Merit: 1561
CLEAN non GPL infringing code made in Rust lang
Why? Did you make the cable yourself? Just search online for the FTDI USB cable pinout... I believe it involves a chip, due to USB, unless you want to make a direct RJ45-to-serial cable, which I happen to have one of, lol. Cisco switches and such use them in both the true serial and USB variants that go into an RJ45 jack and serial/USB on the other side. Oh, if you are using a true serial port, make sure it's enabled in the BIOS. Some BIOSes are set to "auto" and won't turn it on if nothing is plugged in at boot.

I haven't touched PuTTY in over a decade, but if it can do true serial then it's a matter of picking the right port and speed parameters (115 kbps, 8,N,1).
If unsure, test the program with something else, if you have anything that still connects via serial (such as the aforementioned router, or an old-fashioned PC).
member
Activity: 264
Merit: 16
PuTTY can use a serial terminal too, but I use CoolTerm and I can't get anything.
Why is there no connection scheme? Can someone put up some pictures of the connection scheme?
legendary
Activity: 1988
Merit: 1561
CLEAN non GPL infringing code made in Rust lang
I have everything but it doesn't work; what is supposed to be used as the terminal to log in, PuTTY or CoolTerm?
Do we need to connect power to the databoard or not?

Power the controller; no need for hashboards.
This is a serial link, an old-fashioned method you may not be familiar with depending on your age, so use a serial terminal, not an SSH client; forget PuTTY.

If you do it correctly you should get a prompt when you plug in the cable and hit Enter; probably login and password.
member
Activity: 264
Merit: 16
I have everything but it doesn't work; what is supposed to be used as the terminal to log in, PuTTY or CoolTerm?
Do we need to connect power to the databoard or not?
sr. member
Activity: 465
Merit: 309
Do you know the pinout for the ftdi to connect it to the miner? or would any console cable work?
https://www.amazon.com/dp/B07MY6F8TP/
hero member
Activity: 561
Merit: 517
Trustless IceColdWallet
HACK FIRMWARE and SSH and EXPLOIT for free

FIRMWARE


Code:
vi /www/pages/cgi-bin/upgrade.cgi

  • remove lines 45,46,46,48,49,50,51,52,77,78 (move with up and press d to remove a line; 77 and 78 are the last fi in that function)
  • press ESC, then :wq
  • open your Antminer website and upload whatever you want

SSH on any Antminer


Code:
dropbearkey -t rsa -f /config/dropbear_rsa_host_key -y

  • reboot -f
  • power off your antminer
  • disconnect ftdi
  • power on
  • login via ssh as usual

EXPLOIT Antminer (not only S15 or 17)

The exploit uses a security issue in lighttpd!

  • research it yourself
  • if you use Kali Linux, search for XSS, lighttpd, remote execution
  • It's hard to find but not impossible!
  • do not spend any cent on this exploit; use the above instructions
  • if you have found the script, use dos2unix to convert the script (it's a Win script)
  • the code to execute is: dropbearkey -t rsa -f /config/dropbear_rsa_host_key -y
  • Why? Because if you set a new dropbear key, the SSH service will start on its own

Stop PMing me if you will not PM your real name to me!

Hint: It also works above 1.4.32