Bitcoin Forum>Bitcoin>Mining>Mining support
Author

Topic: Bought a Hacked Antminer S9 - Help please (Read 457 times)

fanatic26
hero member
Activity: 756
Merit: 560
Bought a Hacked Antminer S9 - Help please
February 19, 2018, 11:36:25 AM
#12
Quote from: wonder4life on February 18, 2018, 03:19:01 AM
If you see it connects to those random IP:3333 from bmminer, it confirms that Bitmain would be the same to steal the mining power for themselves.


Stop spreading this bitmain fud. Think you are the only person to run a netstat on your miner in the last few years? That you magically figured out bitmain is stealing from a single command when noone else could?

You bought a miner from someone OTHER than bitmain. Thats your problem. It is not bitmains fault.
ccgllc
copper member
Activity: 658
Merit: 101
Math doesn't care what you believe.
Re: Bought a Hacked Antminer S9 - Help please
February 18, 2018, 10:57:43 PM
#11
Quote from: wonder4life on February 18, 2018, 03:19:01 AM

Could any one running Antminer S9 to confirm if you have similar issue, following these commands:

1. ssh to the Antminer S9 IP address, you could use Putty for Windows.
2. Issue this command:
netstat -tap

If you see it connects to those random IP:3333 from bmminer, it confirms that Bitmain would be the same to steal the mining power for themselves.


From an S9 that reports at the miner its running at 14.26 TH/Sec, that Slushpool reports as running at 13.75 TH/Sec

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:6060            0.0.0.0:*               LISTEN      30425/single-board-
tcp        0      0 0.0.0.0:http            0.0.0.0:*               LISTEN      1251/lighttpd
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN      1232/dropbear
tcp        0      0 0.0.0.0:4028            0.0.0.0:*               LISTEN      30448/bmminer
tcp        0      0 antMiner-18.local:36891 ec2-54-204-120-204.compute-1.amazonaws.com:3333 ESTABLISHED 30448/bmminer
tcp        0    300 antMiner-18.local:ssh   172.16.4.11:62512       ESTABLISHED 31391/dropbear
netstat: /proc/net/tcp6: No such file or directory

As the previous posted pointed out, Slushpool with AWS.
Raymond_B
member
Activity: 504
Merit: 71
Just Getting Started...
Re: Bought a Hacked Antminer S9 - Help please
February 18, 2018, 08:01:07 PM
#10
Quote from: wonder4life on February 18, 2018, 04:35:27 PM
This is what I got after I configured my three pools. None of mine worked, showing nothing in the mine status page.

Quote from: SGMPhil on February 18, 2018, 09:10:00 AM
It is interesting that you have those 3 connections if you have not configured the device. Have you tried changing the configuration to mine using your pool URLs?

Who do you use for your pool?

The reason I ask is that most of these pools are hosted in the cloud. So the IP address you see in netstat is just one of the AWS nodes.

Here's an example of Slushpool



I should say, that this doesn't mean you miner is safe, but if the node is part of your pool's setup then you should be clear in that aspect.
HagssFIN
legendary
Activity: 2464
Merit: 1710
Electrical engineer. Mining since 2014.
Re: Bought a Hacked Antminer S9 - Help please
February 18, 2018, 04:44:33 PM
#9
Have you tried these?

First install this:
Antminer S9 - Package to Fix Upgrade Failure
http://shop.bitmain.com/support.htm?pid=007201611260753443104jm60Q6L0639

And then install the newest firmware:
For autotune frequency model:Antminer-S9-all-201711171757-autofreq-user-Update2UBI-NF.tar.gz
https://file.bitmain.com/shop-file-server/firmwares/Antminer%20S9/Firmware/00720170428120943064Xx38xD7Y0683/Antminer-S9-all-201711171757-autofreq-user-Update2UBI-NF.tar.gz

For fixed frequency model: Antminer-S9-all-201705031858-600M-user-Update2UBI-NF.tar.gz
https://file.bitmain.com/shop-bitmain/download/Antminer-S9-all-201705031858-600M-user-Update2UBI-NF.tar.gz
wonder4life
newbie
Activity: 3
Merit: 0
Re: Bought a Hacked Antminer S9 - Help please
February 18, 2018, 04:35:27 PM
#8
This is what I got after I configured my three pools. None of mine worked, showing nothing in the mine status page.

Quote from: SGMPhil on February 18, 2018, 09:10:00 AM
It is interesting that you have those 3 connections if you have not configured the device. Have you tried changing the configuration to mine using your pool URLs?
SGMPhil
member
Activity: 111
Merit: 14
01010011 01000111 01001101
Re: Bought a Hacked Antminer S9 - Help please
February 18, 2018, 09:10:00 AM
#7
It is interesting that you have those 3 connections if you have not configured the device. Have you tried changing the configuration to mine using your pool URLs?
EricJH801
jr. member
Activity: 210
Merit: 1
Re: Bought a Hacked Antminer S9 - Help please
February 18, 2018, 03:26:02 AM
#6
Return it for a refund?

Quote from: wonder4life on February 18, 2018, 03:19:01 AM
Thanks for the suggestions!

I have tried to downgrade to 04/27/2017 firmware which is earliest version available at bitmain website. It seems the problem still there.

Here are the snapshot: of netstat -tap:

root@antMiner:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0     69 antMiner:46924          ec2-35-162-153-28.us-west-2.compute.amazonaws.com:3333 ESTABLISHED 1468/bmminer
tcp        0     69 antMiner:36458          60.205.122.75:3333      ESTABLISHED 1468/bmminer
tcp        0     69 antMiner:39357          ec2-52-37-56-165.us-west-2.compute.amazonaws.com:3333 ESTABLISHED 1468/bmminer

wonder4life
newbie
Activity: 3
Merit: 0
Re: Bought a Hacked Antminer S9 - Help please
February 18, 2018, 03:19:01 AM
#5
Thanks for the suggestions!

I have tried to downgrade to 04/27/2017 firmware which is earliest version available at bitmain website. It seems the problem still there.

Here are the snapshot: of netstat -tap:

root@antMiner:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0     69 antMiner:46924          ec2-35-162-153-28.us-west-2.compute.amazonaws.com:3333 ESTABLISHED 1468/bmminer
tcp        0     69 antMiner:36458          60.205.122.75:3333      ESTABLISHED 1468/bmminer
tcp        0     69 antMiner:39357          ec2-52-37-56-165.us-west-2.compute.amazonaws.com:3333 ESTABLISHED 1468/bmminer


It shows this thing will mine for somebody else as long as it powered up and connected to Internet.

Could any one running Antminer S9 to confirm if you have similar issue, following these commands:

1. ssh to the Antminer S9 IP address, you could use Putty for Windows.
2. Issue this command:
netstat -tap

If you see it connects to those random IP:3333 from bmminer, it confirms that Bitmain would be the same to steal the mining power for themselves.
ccgllc
copper member
Activity: 658
Merit: 101
Math doesn't care what you believe.
Re: Bought a Hacked Antminer S9 - Help please
February 17, 2018, 12:49:59 PM
#4
Last exchange I had with Bitmain after fubaring a controller was that the S9 could not be booted from the SD Card.  Of course, they could have been blowing smoke...
MinerMEDIC
member
Activity: 166
Merit: 82
EET/NASA intern 2013 Bitmain/MicroBT/IPC cert
Re: Bought a Hacked Antminer S9 - Help please
February 17, 2018, 05:57:27 AM
#3
Worst case scenario and depending on the level of sophistication you may need to boot the controller from SD card, reset settings to default, and then feflash the firmware. In that order. BITMAIN recommends resetting settings before doing the flash.

The ZYNQ traditionally uses jumpers to determine what device to boot from, and there are jumpers but I've never seen any mention of what jumpers to change. Perhaps someone else has? Maybe BITMAIN did something else entirely?
ccgllc
copper member
Activity: 658
Merit: 101
Math doesn't care what you believe.
Re: Bought a Hacked Antminer S9 - Help please
February 17, 2018, 12:37:13 AM
#2
First things first... do a firmware update to the 04/17 firmware release and do NOT leave the "Keep Settings" checkbox set.  That should wipe most things out.

2nd choice:  Do a "Reset to Defaults", followed by the first choice.
wonder4life
newbie
Activity: 3
Merit: 0
Re: Bought a Hacked Antminer S9 - Help please
February 16, 2018, 08:10:54 PM
#1
Hi All,

I just bought a Antminer S9 from eBay and found it seems a pre-hacked unit. I was wondering if anyone could suggest the fix for it and this could be an alert to other innocent people.

After setting up with my own mining pool accounts, I noticed that it won't show any mining status. I tried following:

1. Tried to setup different popular pools, such as antpool, nicehash, slushpool. None of them work.
2. Login to Antminer to run telnet the pool server with port(i.e. 3333). They are all connected.
3. I ran the netstat -ap, to see if it even tries to connect to my pool. Surprisingly I noticed bmminer continuously connects 3 or 4 tcp port 3333 and 443 on some Amazon AWS servers! None of the IP is my pool server.

The destination IP addresses seems keep changing after few minutes. It makes hard to block from firewall.

4. I tried to replace the bmminer with CGminer 4.9.2. It still behavior the same way!

Could you please help advice how to remove this hacked code, and let it to mine for me?

Your advise is highly appreciated!

Hunter




Bitcoin Forum>Bitcoin>Mining>Mining support
Jump to: