Topic: Need Antminer s9 serial connect to eliminate NEW VIRUS!!!

newbie
Activity: 2
Merit: 0
You have to write to Bitmain and ask for the antivirus files. They replied in Chinese. Download from a QQ account. About 300 MB++. I got the files but I don't know how to share them here.



https://m.v.qq.com/play.html?vid=g0889oguw7c&ptag=v_qq_com%23v.play.adaptor%233

Watch this video.
newbie
Activity: 4
Merit: 4
I found out. This virus is called "antbuild". It irreversibly "spoils" the processor (burns one-time programmable memory), so that the processor stops loading from any standard firmware, including when trying to boot from the SD card; it is blocked until reboot. Obviously, the virus modifies the image in flash memory so that it, and only this firmware, can be accepted by the processor. Even if you reprogram the flash memory on a separate external device with uninfected firmware, you still get the effect of 2 LEDs (talking about blocking the processor). In addition to stealing terahash, attackers gain access to your board and it can be used as a bot for bad purposes.
Complete cure of the virus is possible only after replacing the processor with a new one. It seems that there is firmware that can bypass this virus (although it cannot completely cure it), but I have not yet managed to defeat it. Be careful, the virus is very dangerous, it is constantly being modified and "improved". Be sure to break the network, separate the workers separately, infected separately, suspicious quarantine separately. Never use miners, even new ones, without a complete flashing from scratch with your own hands. There are cases when, it seems, new miners became sources of infection.
If someone knows how to get rid of the consequences of the virus except soldering the processor, please write.
legendary
Activity: 3472
Merit: 3217
For many miners, in a short time, the processor or the SD port was suddenly damaged? How high is the probability of simultaneous damage to processors (surprisingly coinciding with virus infection) in 10, 20, 50 or more miners at the same time (I know people who have this happened on several dozen miners)?
Are Xilinx Bitmain control boards so unreliable?

I agree with MigaoMiner: if your problem still persists, the NAND IC is your problem. Replacing it might solve the issue, but I think that rarely happens.

Did you follow what I said above? If not, then do it first and update here. This is our way to help you fix and troubleshoot the issue.

If you have a doubt and your miner is still under warranty, why not contact Bitmain for warranty repair?

There is no perfect miner; different miners and different brands/manufacturers have the same issues. It always depends on how we care for our miners. If you are running those miners at a higher temperature, the lifespan of your miner is reduced.



Why not do a test sample:

Get the damaged control board and a known good/working control board, then check the SD card terminal of both the damaged one and the good one as your reference. Make sure to put the negative pole on the ground and the red/positive on the terminals, testing them one by one on both the damaged and the working board.

If you see a difference, it means the damaged one has a connection issue, which is why the SD card is not detected.
legendary
Activity: 2030
Merit: 1573
CLEAN non GPL infringing code made in Rust lang
For many miners, in a short time, the processor or the SD port was suddenly damaged? How high is the probability of simultaneous damage to processors (surprisingly coinciding with virus infection) in 10, 20, 50 or more miners at the same time (I know people who have this happened on several dozen miners)?
Are Xilinx Bitmain control boards so unreliable?

They are not that unreliable, you are simply doing something wrong, but prefer to blame "the virus". But you are welcome to sell them for scraps, i know someone who loves buying those super cheap "damaged" S9 miners and "resurrect" them.

Or hire someone to fix them for you...

I seriously doubt you can't run bOS from the sdcard in all those "50" miners (as long as they are not the newer S9s).



I have the same problem with some controller cards.
Brought them to a technician, loaded a new binary file using a NAND programmer and replaced the old NAND.

Back to life ..

Yes, I have seen the bad NAND syndrome before, but you can still run bOS from the SD card just fine in those. It is one sure way to find out the NAND is damaged, because when you attempt to flash it from the bOS web UI, then move the jumper and reboot, it doesn't work.

This OP could have both the nand and sdport damaged, which is why the official method doesn't work either. Virus can't damage the port, but they could damage the nand. Many miners are run in conditions that rust gets to them, so a damaged port isn't that strange.
newbie
Activity: 12
Merit: 0
I have the same problem with some controller cards.
Brought them to a technician, loaded a new binary file using a NAND programmer and replaced the old NAND.

Back to life ..
newbie
Activity: 4
Merit: 4
For many miners, in a short time, the processor or the SD port was suddenly damaged? How high is the probability of simultaneous damage to processors (surprisingly coinciding with virus infection) in 10, 20, 50 or more miners at the same time (I know people who have this happened on several dozen miners)?
Are Xilinx Bitmain control boards so unreliable?
legendary
Activity: 2030
Merit: 1573
CLEAN non GPL infringing code made in Rust lang
I tried to load the infected s9j miner from the SD card (all jumpers are installed correctly). Its behavior is the same - loading from the memory card is blocked and the green and red LEDs on the front panel are constantly on (as if the processor could not find a suitable boot device).
I checked the memory card in another miner that is not infected with the virus. Download braiins-os was successful.
Thus, it is confirmed that the matter is not in NAND memory and not in a bad SD card, namely, in some way the virus blocks the loading of the operating system from any possible devices, except for the NAND flash, which is installed on the board.
As I understand it, no one has come up with a way to deal with this? It’s very sad when you have many such control boards (I imagine if this happens with professional miners on hundreds of devices!)

The virus cannot do this. You probably have a damaged controller, or just a damaged sd port as suggested above. Once you move the jumper its like you don't have the nand, it reads the sd card at boot and executes whatever is in it.

It doesn't happen to anyone at all. Just get a new controller and be done with it.
legendary
Activity: 3472
Merit: 3217
No, there's no virus that can block the NAND memory from being flashed through the SD card. Maybe the control board of your miner is a C5 control board, so your problem is a compatibility issue. Or maybe the SD card terminal on the control board is full of rust and dirt; if that's the case, you need to clean the SD card terminal and then resolder it to make sure the terminal makes a connection when you insert the SD card again.

Also, if you want to clean your miner, just flash it in the WebGUI and use the latest firmware with anti-virus capability, then use the APMinerTool that has an anti-virus feature to scan the miner.
newbie
Activity: 4
Merit: 4
I tried to load the infected s9j miner from the SD card (all jumpers are installed correctly). Its behavior is the same - loading from the memory card is blocked and the green and red LEDs on the front panel are constantly on (as if the processor could not find a suitable boot device).
I checked the memory card in another miner that is not infected with the virus. Download braiins-os was successful.
Thus, it is confirmed that the matter is not in NAND memory and not in a bad SD card, namely, in some way the virus blocks the loading of the operating system from any possible devices, except for the NAND flash, which is installed on the board.
As I understand it, no one has come up with a way to deal with this? It’s very sad when you have many such control boards (I imagine if this happens with professional miners on hundreds of devices!)
legendary
Activity: 2030
Merit: 1573
CLEAN non GPL infringing code made in Rust lang
It can't. If you are using S9s, you should try booting braiinsOS from the sd card, and see for yourself. Remember bOS only works from S9 to S9i, nothing later (no Hydro, K or SE).

Once you boot BraiinsOS and see everything is working, you could try flashing it to nand (from its Web UI) and see if it works, if it does, you can then go back to Bitmain's using their sd T9+ image firmware method.

One weakness tho, would be the controller flash nand storage. I don't know how evil that malware is, but it is theoretically possible to force damage the nand by endlessly writing data to it. Most damaged flash media still allows reading, which would be perfect for a very unethical thief...

Sometimes people come saying they can't mysteriously install to nand anymore (and obviously Bitmain firmware never restores).

Bitmain fw only blindly copies itself to nand, if the nand is damaged that does nothing. But bOS can run without nand, with the jp4 jumper eternally moved into the boot from sd position. Just buy the cheapest smallest sd card you can find.
newbie
Activity: 4
Merit: 4
Hello. I also had a problem: miners became infected with a virus that, in addition to dropping the hash rate on the pool (the hash rate looks normal in the interface), blocks downloading from the SD memory card. I connected directly to UART and in the terminal I downloaded the firmware and ran the firmware script. Previously, I even replaced the command files for working with flash memory with obviously not infected ones (in case the virus only imitates the firmware process). However, this did not help, some time after the start, the hash on the pool begins to leak to the side. Obviously, you can only cure the virus if you boot from another medium. Therefore, apparently, the virus blocks SD.
Is there any solution for this case at the moment? How can a virus block the download from the card if the boot device is selected by the microprocessor hardware devices long before the start of the infected program from the flash?
legendary
Activity: 2030
Merit: 1573
CLEAN non GPL infringing code made in Rust lang
Downside to password manager is you lose or get hacked that one master password you can say goodbye to all your accounts...

Well, I did leave out the part where you are supposed to use a secure device to keep your passwords. One step at a time... A secure OS with a secure computer would do. Windows is a big no-no, Linux/BSD is better but should not be the same device you use for web browsing. It's similar to handling wallets.

The password database is well encrypted, you can backup the file to google drive, dropbox or whatever cloud storage you fancy. You can also have more than one password database file, be creative...

Using no password manager is the worst scenario. A physical book is ok i guess, but its in clear view and can get lost...
Either way it is not scalable to keep hundreds of passwords in your brain, that's why that brain wallet idea was so foolish. The password manager also happens to be a great password generator. People should get in the habit of using them. Then you can add your ideas on top of that.



[...]

You are very wrong in your "hacker" scenario, but i won't get into details as this is too much derailing, suffice to know you are very very wrong thinking that is helping you in anyway. No wonder you are so stubborn with 8 bit addressing.

Perhaps you should, i don't know, use nmap (with proper options for quick scanning) to see how many seconds it takes to scan all your devices. If the guy is in because, say, that windows laptop or usb a malware was tailored for you (or your type), you are finished. "Hackers" do not go for "low hanging fruit", do not equate the average script kiddie with the guys checking people with money, and/or mining equipment that can grant them even more money, especially crypto...

2 days? Lol. Its more like 2 minutes...

Now, how the heck could you bring up the word company when talking about a password manager? WTH is a password manager company? Did you even see what I linked? A password manager is a program, and the one I linked is Free and open-source software, you know, like Bitcoin... You would be an idiot to trust a company to handle your passwords, that's like trusting your money to a bank, or your coins to an exchange...

Even your password idea is poor, because there is a way to mix and match generated or password sourced words like bits and bytes to speed up brute forcing, and there you are using Root (big no) which becomes a separate cell to the rest, your password is suddenly as strong as 12345a, ie: it isn't. Here, I'll show you how a truly good password looks like, and hope you don't use it:


I just made it with my Free and open-source software password manager in under a second, i could copy it and paste it anytime i wanted. Mostly i seek whats the max length and character groups accepted by a device or web site and max it.

And yes, i know it doesn't end there, that simply alleviates one of the many possible vectors for penetration. Computer security can be a career profession on its own right. But this is too much derailing for someone not changing an Asic miner default password.

Heck a good one could even be stealing you coins already without you noticing, by being subtle, like those lame dev fee firmware that take only a little from time to time... Ensuring longevity over quick grabs...
legendary
Activity: 4326
Merit: 8950
'The right to privacy matters'
I hate password management companies.

As for what is easy a hacker does not want to brute force an unknown group of miners. Since they don’t know what is there.

An example.

Modem firewall
Router firewall

Switch
Mining router 1 firewall. Switch 20 miners
Mining router 2 firewall switch 20 miners

If you are a hacker.

You can see the modem
You can see the first router.

But miner router 1 and miner  router 2. Look like ips on  first router.

You don’t know what is there.

Vs.
modem
Router
Switches
Miners.

If I hack and see second setup.

A modem then a router then a large subnet with 192.168.x.x.x

And 1000 ips on that I am working on hacking that. Since it looks promising.

While the setup
Modem
Router
Switch
Miner router
Miner router

Looks like

First router has 6 or 7 ips.  2 of those ips are the mining routers but they do not easily show that you have 50 or 100 or even a few thousand ips.

So a hacker  would pass over the less promising  setup that only seems to have 5 or 6 or 7 ips.

Hackers will go for low hanging fruit.

As for Root12345a

That is not so easy as it is 100000 x 26 x 26 which is 6000000 plus combos not counting Root so say 100 words in beginning.

Means 6,000,000 x 100 that is 600,000,000 combos.

Plus two miner routers each have a password.

And as I said the mining routers appear as a single ip.

So as a hacker do I spend a day or 2 on a router with a subnet like this 192.168.x.x.x. With over 1200 ips working.

Or do I spend a day or 2 on a router with a subnet like this 192.168.x.x with only 6 ips working.
legendary
Activity: 2436
Merit: 6643
be constructive or S.T.F.U
but you neglected that windows computer that got a malware and scanned your network for asic miners...

I am willing to bet the house that this is the case. It's highly unlikely that the hacker will attempt accessing your miner on a network layer only; it's stupid and nobody would do that. They would have to breach a lot of securities to get to the miner, and nobody would do that when they can simply get you to download a malware/trojan and give them full access from within your local area network, where things become much easier.

have a logbook give every miner a number and a random password in the logbook this way someone would need physical access to get your miner passwords.

just make sure the passwords are random and not based on the miner's name or IP because that is as bad as having a single password.
hero member
Activity: 1241
Merit: 623
OGRaccoon
Downside to password manager is you lose or get hacked that one master password you can say goodbye to all your accounts.

I really don't think password managers are a good solution.

What I used to do for my miners was have a logbook give every miner a number and a random password in the logbook this way someone would need physical access to get your miner passwords.

The less you keep in digital format the less you have to lose.
legendary
Activity: 2030
Merit: 1573
CLEAN non GPL infringing code made in Rust lang
You have to use password manager to generate a decent password for your miners. Not bothering to change the default password is asking for trouble, you think a little nat and firewall will protect you, but you neglected that windows computer that got a malware and scanned your network for asic miners...

Number one problem with security is people habits... That's what they exploit most.

If you use a password manager, you only have to remember only one (good) password, and yet have everything with a different passwords... Try KeepassXC.

Of course there is more, but lets start with the basics.
hero member
Activity: 1241
Merit: 623
OGRaccoon
Well I tested the attack toolkit last night and I must say it's a free-ride for hackers is bitcoin and mining.
After only a few moments tested I had over 300+ ip's of machines 95% of which were not behind any sort of firewall or protection.

I did not attempt to brute them but I would guess with some good word lists and time most of them would fall.

I am also convinced there is an exploit out there for miners that would allow this kind of thing.

Don't say I didn't warn you when the ransomware starts to hit the miners.
legendary
Activity: 2436
Merit: 6643
be constructive or S.T.F.U

That is a great idea until it is not!
Remember that computers don't have "logic" that password does look difficult to us humans, but it is derived from a terribly simple code, i can write a code that would generate more complex passwords than these, but once anyone understand how the code works ( not very difficult to do so) those passwords will be as simple as 123.

That is a long subject , but long story short , always "think" of your own complex password, because it is nearly impossible that any function out there will create a similar one.
legendary
Activity: 3472
Merit: 3217
I think you can try to generate a root password from this site https://passwordsgenerator.net/ to use it for your SSH root password.

This password below is harder to brute-force than a simple word

Sample

Code:
h;6Rmk!*$6wCT6>&mBhh

Just make sure that you save this password or make a backup so that you can use the password when you need to access or remotely use the miner.
legendary
Activity: 2436
Merit: 6643
be constructive or S.T.F.U
Phill, i was a little paranoid i used a password that i even tend to forget ( wrote that on a piece of paper of course) the word Root with other five numbers is relatively easy to brute force.

In most cases length is less important than what combination you use, all brute force attacks use a "dictionary" which is a .txt file with a dozen words in it, the password combination you suggested is highly likely to be there in the .txt files they use.

You need to come up with something that nobody/software can come up with, some stupid shit like

Code:
Mygear23*ismiNgBtC

You can put all your gears on a Vlan and it will be very hard to get to them, but remember it takes one mistake to allow the virus to get to them.

it would be best if you have a PC that never goes online,and only that PC is set up on the same LAN the gears use.
legendary
Activity: 4326
Merit: 8950
'The right to privacy matters'
A simple trick is

Root
Root

Needs to be

Root
Root12345a

Not 12345 but any 5 digit number.
With any single letter. Upper or lower case.

It takes a long time to brute force that.

Yet is fairly easy to remember .

There are other ways to protect.

Modem
router a
five port switch
Router 1 to switch to bitmain sha 256
Router 2 to switch to bitmain script
Router 3 to switch to other miners

I have found the above to work well.
It also lets me find and examine miner status a bit easier.
legendary
Activity: 2436
Merit: 6643
be constructive or S.T.F.U

I have had this experience before, and to confirm the brute force theory, only miners with default root/root got infected. But a simple reset using the IP report button method and then immediately changing the password to a complex one solved the issue.

Hate to say this, but maybe locking SSH access in the new firmware update does make a lot of sense in terms of security, provided that if you only change the root pass using the web browser, the virus can still access it via SSH, and changing the SSH password is not something everyone can do despite the fact that it only takes a couple of seconds.
hero member
Activity: 1241
Merit: 623
OGRaccoon
This may actually be a legit issue. Recently an attack tool for miners has been released: it scans Shodan with the API for miners with open ports, then brutes the miners, allowing the attacker access to the machines. It may be possible you have weak credentials on your machines and they have been compromised via a brute force attempt.

Once attackers gain access they can update your miners. It could be possible they have custom firmware that might make it difficult to recover the miner, but you should be able to use the above guides to flash the miners with clean firmware.

newbie
Activity: 2
Merit: 0
In my farm 9/10 miners got infected with this virus too.
Have you all found any solutions to unlock the SD card NAND flash?
Pls help
legendary
Activity: 3472
Merit: 3217
I'm having the same issue with a hacked miner ... it infected my other 18 mining s9 .....

have you managed to solve this issue ?

if you did ... please give me a solution

thanks

If you flash the miner and there is no blinking, it means that the control board can't detect the SD card, or the flashing couldn't start, or maybe you are using a fake SD card with fake capacity.

You should use a working SD card of 4 GB or higher to make the flashing work. Sometimes the recovery program you write to the SD card is corrupted because your PC might be infected. So try to make the SD card recovery on a fresh or clean PC to avoid a corrupted recovery program.
legendary
Activity: 2436
Merit: 6643
be constructive or S.T.F.U
Is it possible that they changed something on a hardware level  before shipping the miners? I mean something to block you from Sdcard flashing a firmware? By all means it is hard to believe that on a software level you can't replace the firmware, what happens when you hard reset it using the IP report?
newbie
Activity: 2
Merit: 0
I'm having the same issue with a hacked miner ... it infected my other 18 mining s9 .....

have you managed to solve this issue ?

if you did ... please give me a solution

thanks
newbie
Activity: 3
Merit: 0
yea, i can flash uninfected miners without any problem, with same SD card, with same firmware.

I checked the hashes of the main running processes and the hashes aren't changed:

Bmminer, single-board-test, dropbear, lighttpd, monitorcg, ntpd

it opened some kind of socket, when opened netstat, killed all socket connections and run bmminer, virus was still there. flashed with web-interface, with no internet access, killed all sockets, run bmminer miner, opened internet, virus is still there.

this all is happening on newest firmware, with serial connection.
full member
Activity: 538
Merit: 175
Just to make sure, when you are trying to flash from SD, you're moving the jp4 jumper into the other position?

On a side note, check on size and hash for /usr/bin/ntpd , some viruses I've seen overwrite that file with the payload.

You can also run "top" to see which processes are taking cpu/memory and compare those size/hash against the normal.
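The size-and-hash comparison suggested in the post above, written out as an added example that is not part of the original thread: it checks files against a manifest built from a firmware image you trust. The manifest format, the function names and every path except /usr/bin/ntpd are assumptions made for illustration, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): compare binaries with a known-good manifest.
# Manifest line format (assumed here): <sha256> <size-in-bytes> <absolute-path>
# ROOT is a path prefix, so the same check can run on a live miner (ROOT="")
# or on a copy of its filesystem mounted on a trusted machine.

# make_manifest ROOT PATH...   print manifest lines for the files under ROOT
make_manifest() {
    mm_root=$1; shift
    for mm_p in "$@"; do
        [ -f "$mm_root$mm_p" ] || continue
        mm_sum=$(sha256sum "$mm_root$mm_p" | awk '{print $1}')
        mm_size=$(wc -c < "$mm_root$mm_p" | tr -d ' ')
        printf '%s %s %s\n' "$mm_sum" "$mm_size" "$mm_p"
    done
}

# check_manifest MANIFEST ROOT   print one status line per file;
# returns 0 when every file matches, 1 otherwise
check_manifest() {
    manifest=$1; root=$2; bad=0
    while read -r want_sum want_size path; do
        [ -n "$path" ] || continue                  # skip blank or short lines
        case $want_sum in \#*) continue;; esac      # skip comment lines
        f="$root$path"
        if [ ! -f "$f" ]; then
            echo "MISSING  $path"; bad=1; continue
        fi
        got_size=$(wc -c < "$f" | tr -d ' ')
        got_sum=$(sha256sum "$f" | awk '{print $1}')
        if [ "$got_sum" = "$want_sum" ]; then
            echo "OK       $path"
        elif [ "$got_size" != "$want_size" ]; then
            echo "CHANGED  $path (size $want_size -> $got_size)"; bad=1
        else
            echo "CHANGED  $path (same size, different hash)"; bad=1
        fi
    done < "$manifest"
    return $bad
}

# Constructed demo: a "clean" tree and a "suspect" tree in a temp directory.
demo_baseline() {
    d=$(mktemp -d)
    mkdir -p "$d/clean/usr/bin" "$d/suspect/usr/bin"
    printf 'constructed ntpd build\n'    > "$d/clean/usr/bin/ntpd"
    printf 'constructed bmminer build\n' > "$d/clean/usr/bin/bmminer"
    printf 'constructed dropbear\n'      > "$d/clean/usr/bin/dropbear"
    cp "$d/clean/usr/bin/bmminer" "$d/suspect/usr/bin/bmminer"
    # ntpd replaced by different content; dropbear deliberately absent
    printf 'different content, longer than the original file\n' > "$d/suspect/usr/bin/ntpd"
    make_manifest "$d/clean" /usr/bin/ntpd /usr/bin/bmminer /usr/bin/dropbear > "$d/manifest"
    check_manifest "$d/manifest" "$d/suspect"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo_baseline || echo "mismatches found"
```

Hashes computed on a running miner are only as trustworthy as the tools on it, so where possible run the check with ROOT pointing at a filesystem copy read from another machine.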
newbie
Activity: 3
Merit: 0
when you get the virus, it doesn't allow you SD flash, you can change the password for ssh, but it doesn't matter, it's there even after flashing software from web.

ssh wasn't a problem to begin with, in my network only one IP can access to 22 port.

there IS virus for s9 right now.

steps i've done so far:

1) i isolated the one miner from other miners, tried flashing with SD card, doesn't work. tried flashing with different firmware from web-interface, doesn't help, Hard reset either.

2) blocked all internet access from firewall, tried step 1. opened internet access, virus is still there.

3) took miner to different location with different ISP/IP different network configuration(thought network was infected), tried step 2, opened internet access, virus is still there.

and one more thing, every infected miner have same issue with flashing with SD card, it just doesn't work. Leds never blink, and from onboard 3 green leds only 1 is on always. it doesn't matter its official firmware, brains-OS , any other firmware, it doesn't flash.

and half of miners infected were on latest firmware.
legendary
Activity: 3472
Merit: 3217
No, there's no virus for the S9 miner. Possibly someone can remotely access your miner: if your miner has open ports and you never changed the SSH root and password, there is a possibility that they can remotely access your miner. That is why Bitmain released a 2019 firmware to prevent these issues.

If you have this problem, the only solution that I know to remove this is by flashing it through SD card and then changing your SSH root and password so that no one can access your miner.

If hackers have access to your miner they can manually update the firmware to their modified firmware, where even if you hard reset the miner the result will be the same as yours.

So you should change everything from your port to SSH access credentials before you connect it to the internet.
newbie
Activity: 3
Merit: 0
I can confirm this is a virus.

First of all: SD flash, resetting in any way doesn't help. All infected miners try to communicate with each other on port 123. All infected miners go to F2pool, antpool and btc.com AND 35.186.233.235:443, which is a Google Drive IP (first miner goes here). bmminer hash isn't changed.

I don't know how to remove the virus, but you can get back your hashrate with two solutions:

1. Get into the miner (over ssh or COM port), change the name of bmminer and run it manually.

2. Block all IPs that the miner goes to from the firewall (this solution builds up the RAM so you have to restart the miner every hour or so).

3. There is asicdip custom software which says it blocks the access for this virus, but I didn't test it and it takes 2%, and it's not for me.

Will update if I find a solution.
full member
Activity: 538
Merit: 175
Do you already have the CP2102 bridge and have you wired it correctly? GND = GND, but TX and RX need to be switched. Also be careful: GND is the middle pin on the Xilinx board but not on the USB.

I used to have the Chinese version of the program. I can try to find it if you really need it, but you can most likely fix your issue with the suggestions provided above.
legendary
Activity: 2030
Merit: 1573
CLEAN non GPL infringing code made in Rust lang
Indeed, not a virus, but the controller's NAND flash storage can get damaged. This is why it's useful to test with Braiins OS booting from the SD card with the jp4 jumper moved.

Bitmain solution simply tries to (blindly) reflash back the firmware. If this nand storage is damaged no amount of reflashes would do anything.
legendary
Activity: 2436
Merit: 6643
be constructive or S.T.F.U
(Virus is blocking SD card flashing)

I doubt the accuracy of this statement, not specifically denying the problem, just doubting the cause.

In most cases any miner virus won't really be able to lock you out of SD flashing. Have you flashed any miner with an SD card before? Just want to make sure that you are not making any mistakes.

You should also check your PC for viruses; there is a good chance that whichever virus is affecting it sits on one of the PCs on your network.
legendary
Activity: 3472
Merit: 3217
Or your control board is not reading the SD card because the SD card slot on the control board is full of dust. Try cleaning it with lacquer flo, remove the dust and resolder the SD card terminal; this mostly solved my issue in other devices. So possibly it might also work in the S9 miner.

Never heard that there is a virus that can prevent you from flashing even other devices through SD card.

Anyway, since you mention USB and serial, maybe this thread is what you're looking for; check this: https://bitcointalksearch.org/topic/rescuing-a-bricked-t9-and-s9-control-board-howto-2386296.
legendary
Activity: 2030
Merit: 1573
CLEAN non GPL infringing code made in Rust lang
How did this virus infect your miners? Did you ever change the web and ssh passwords?

I don't think a virus can block the jp4 jumper from booting from the SD card. Did you ever try booting Braiins OS? This should work without fail.
newbie
Activity: 1
Merit: 0
Hello guys!
We have a virus which is decreasing hash rate and stealing it.

Can anybody help how to connect to Bitmain Antminer S9 Miner via CP2102 USB/Serial bridge? (Virus is blocking SD card flashing)
How to erase existing infected software on board and flash it with new firmware?

Thank you in advance for help! Hope this virus will avoid you!