Author

Topic: S9 owners DO NOT upgrade firmware to 2019 version, you will lose SSH access!!! (Read 1632 times)

legendary
Activity: 3374
Merit: 3095
Playbet.io - Crypto Casino and Sportsbook
Well i did something stupid and now i have a briked s15.
Lost the ip acces after interupting the firmware update from sd. Before this the miner was working ok, only from time to time was shutting down and needed an reset.

Currently cannot acces via IP and SD flash dosent work, the leds are allways on ( led and green). I have an serial-usb connector and instaled ubuntu but i don't know what to do next. If anyone can help me, i would appreciate it

Did you try to hard reset the s15 miner?
If not do this step.

- Run the miner first at least 5-10 minutes
- Hold the reset/IP reporter button in 15 seconds then release.
- Then check the miner again if you can detect the IP with IP scanner or the monitoring tool from bitmain.

If it doesn't work try to flash it again with SD card make a new SD card program recovery and then remove the ribbon cable of the miner's hashboard and only control board must be remain connected.

Update here if it solve your issue.
newbie
Activity: 5
Merit: 0
Well i did something stupid and now i have a briked s15.
Lost the ip acces after interupting the firmware update from sd. Before this the miner was working ok, only from time to time was shutting down and needed an reset.

Currently cannot acces via IP and SD flash dosent work, the leds are allways on ( led and green). I have an serial-usb connector and instaled ubuntu but i don't know what to do next. If anyone can help me, i would appreciate it
newbie
Activity: 5
Merit: 2
Normally people would just use the sd card method, where this is done automatically when moving jumper jp4, but i guess you may encounter the issue of that missing chip mentioned before...

unfortunately, it seems that the same problem (not flashing from SD card) may exist even if that missing chip is in place Sad Seems that Bitmain done something tricky to prevent their firmware being replaced by a thirdparty firmware.

There is a method to restore ssh access using an exploit in the first release. If you have installed the second release, it is possible to "downgrade" back to the first release, since both firmwares are signed. Then with the first release you can try the exploit. This uses proprietary code but is one way to restore ssh without physical access.

This one really worked in my case. BUT in my case, that tiny chip near SD card is in place, so can't tell if this will work for those whose control board does not have that chip in place.

I am not really good at these things, but it looks like what Bitmain hid under vague "further security" ended up being not entirely secure ... I mean if I managed to use that method to get rid of signature check for new updates, then a virus would surely be capable to use that to do its stuff.
legendary
Activity: 2030
Merit: 1569
CLEAN non GPL infringing code made in Rust lang
Hi,
MigaoMiner: I had exact same problem, because my board is just missing chip for sd card. With this method you dont need boot from sd card. Just keep jumper in default position, connect uart bridge, disable ssh as described and then you can install another firmware like braiin os.

Jacoob007: as far as I know this is not possible at the moment. We can just hope that bitmain will change their minds and in next fw we will have option to enable ssh ...

There have been at least two releases in 2019 for S9 firmware from Bitmain and both are "signed" with ssh access closed.

There is a method to restore ssh access using an exploit in the first release. If you have installed the second release, it is possible to "downgrade" back to the first release, since both firmwares are signed. Then with the first release you can try the exploit. This uses proprietary code but is one way to restore ssh without physical access.

The other methods involves using the sd card, or using the serial port. Both require physical access.

The serial port method is a little more involved, and requires either the rj45 to serial cable or using the 3 pin header to serial. Then you can manually overwrite portions of the nand using an sd card; or manually remove the signed firmware check so you can downgrade or install another firmware.

Normally people would just use the sd card method, where this is done automatically when moving jumper jp4, but i guess you may encounter the issue of that missing chip mentioned before...

With the sd card method you force the old T9+ firmware, which in turn allows reinstalling the old S9 firmware (you can't just leave the T9+ firmware because it doesn't hash anything with that).

OR, you can boot Braiins OS from the sd card and optionally install that from its Web UI instead.



Ok lets summarize this:

Remotely via software (closed source):
 
Physically using:


newbie
Activity: 12
Merit: 0
Hi Technak,

Do you think reinstall bitmain firmware using SSH will enable back "SD port"?

Anyway i can PM you please?

regards,

MM
newbie
Activity: 4
Merit: 4
Hi,
MigaoMiner: I had exact same problem, because my board is just missing chip for sd card. With this method you dont need boot from sd card. Just keep jumper in default position, connect uart bridge, disable ssh as described and then you can install another firmware like braiin os.

Jacoob007: as far as I know this is not possible at the moment. We can just hope that bitmain will change their minds and in next fw we will have option to enable ssh ...

Thanks and regards,
MK
newbie
Activity: 12
Merit: 0
Hi Technak,

Your write up is to enable SSH port for  firmware version may 2019.
May i know how you solve the issue of "2 led light up when changing the J4 jumper during SD card flashing" ?

thanks

MM
newbie
Activity: 2
Merit: 0
dear technak
tanx for your help
this method can use whit out the serial port
i can't accesses Physical to my device (far from me)
another problem like this how reprogramming nand by using serial port control board (brick)

tank you
newbie
Activity: 4
Merit: 4
Hi,

Unfortunately there is another type of board. I tried boot from SD several times but immediately after I switch jumper 4 to boot from SD position I got both leds green + red constantly on and nothing happen. After some google investigation I found that my board is missing some chip close to slot as you can see in images :-(

I ordered CP2102 UART to USB (https://www.aliexpress.com/item/1859102520.html) and hope that I will be able enable SSH on secure firmware or boot from tftp to remove secure firmware from my board.

Image 1 - Antminer S9 control board Ctr_C41 Vers: 1.20
As you can see there is some sticker with some chinese + TF Card
https://pasteboard.co/InjoGnE.png

Image 2 - detail of missing chip ..
https://pasteboard.co/InjppJn.png

Will add more information after converter arrive.

Thanks and regards,
MK



Hi,

I prepared guide how to enable ssh on secure firmware via serial console for those without functional SD card slot. I will also add steps how to unbrick antminer without sd card slot.

https://docs.google.com/document/d/e/2PACX-1vSu6XGV4Q40TerRPccB7xxTf2sKNkp1Bkwkdz4ILhIaa9qaT-NvZWtFrIBiwpRsG3NRlzvwQkbKyvsv/pub

Thanks and regards,
MK
legendary
Activity: 2030
Merit: 1569
CLEAN non GPL infringing code made in Rust lang
You can always try to revert to an older firmware:

https://support.bitmain.com/hc/en-us/articles/360019493654-S9-series-S9-S9i-S9j-S9-Hydro-Control-Board-Program-Recovery

Standard disclaimer: If you are not sure what you are doing don't do it. If you mess it up and brick your miner don't yell at me. You are doing this at your own risk.

I don't really like that information offsite so I'll paste it here:

Quote from: Jocelyn
S9 series (S9, S9i, S9j, S9 Hydro) Control Board Program Recovery

This method applies to the following situations:
    
  • The miner is power-off in the upgrading process.
  • The miner cannot start (cannot find IP).
  • The miner can only use the default factory workers.

Tools required:
    
  • The MicroSD card recommended capacity of less than 16GB. Larger capacity MicroSD cards are not recommended as they are very susceptible to errors.
  • A computer running Windows XP or later
  • Card reader

Software required:

We use the same image as T9+. Download Link: https://service.bitmain.com/support/download

On the left sidebar click "Flashing SD Card With Image>>Tools and Instructions to Image SD Card. Scroll up to the page and find t9+-SD Tools.zip. Load t9+-SD Tools.zip to your computer in a convenient file location.



Flashing Instructions :
    
  • Remove control board from miner assembly.
  • Know your control board model and enable it to flash using the SD card. (See three types of control boards explanation below)
  • Insert MicroSD card into computer and format to FAT32.
  • Unzip the downloaded  t9+-SD Tools.zip and copy the contents to the MicroSD card.
  • Insert the MicroSD card into the card slot on the control board
  • Power on the control board. Allow at least 90 seconds for the files to load automatically. When loaded, the red and green indicator lights on the control board will blink.
  • Power on the control board and access the miner interface. Go to the Upgrade page and Uncheck “Keep Settings”. Flash the firmware and run the miner for 20 minutes.

Note that there are three types of control boards and each of them requires a different way to enable flashing.

1. One complete board such as model CRT0401, CRT0402.
To enable it to flash using SD card, you need to shift the JP4 jumper to the right as shown below.

After flashing completed, power off the control board and shift the JP4 jumper back to the original position.



2. Double boards such as model CRT0302.
To enable it to flash using SD card, you need to shortcircuit the AB as shown in the picture below.  



3. Boards without SD card slot such as model CRT0301
It doesn't support SD card flashing.



Possible solutions to solve the flashing failure

1. Reformat the TF and make sure you've copied the correct firmware.
2. Press the TF softly to ensure it's well attached.
3. Dust and clean the TF.
4. Try with another good known TF.

Note: TF card = MicroSD card. This was coined in China to avoid paying Sandisk...

BTW: Moving the JP4 jumper is the same method you can use to boot Braiins OS without flashing it into NAND (ie. for safely testing it).
copper member
Activity: 658
Merit: 101
Math doesn't care what you believe.
Right at 100 miners reverted to original firmware via sdhc card at this point.  Its slow going, with 2 of us working, we can do about 5 an hour.  19 more to do this week and we are done.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
I have tried to flash the firmware with the MicroSD in the antminer. It is still running off the March 2019 firmware. I also moved the jpr 4 to the right position so Idk what else to try. There is also no SD kit compatible with the S9 so I tried the Z9+ toolkit.

Reply in the other tread and ping out to ccgllc for some more help. I have only done mine they seem to have done more (20+ according to their post)
-Dave
newbie
Activity: 17
Merit: 0
I have tried to flash the firmware with the MicroSD in the antminer. It is still running off the March 2019 firmware. I also moved the jpr 4 to the right position so Idk what else to try. There is also no SD kit compatible with the S9 so I tried the Z9+ toolkit.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
The problem is I have the new fimware and cannot upgrade. Therefore, i tried to ssh. That wouldn’t happen. Server denied. Then i tried to get into the configure file where they had everything commented. I attempted to edit it but still to no avail. Looks like i still have a lot to learn in linux. Btw, i will need another hashboard. I burn through these things like hot cakes.

No the change jumper and use SD card will let you downgrade:

https://bitcointalksearch.org/topic/m.50652435

-Dave
newbie
Activity: 17
Merit: 0
The problem is I have the new fimware and cannot upgrade. Therefore, i tried to ssh. That wouldn’t happen. Server denied. Then i tried to get into the configure file where they had everything commented. I attempted to edit it but still to no avail. Looks like i still have a lot to learn in linux. Btw, i will need another hashboard. I burn through these things like hot cakes. I had PSU 1 running Hashboard 1 and Control Board and PSU 2 running Hashboard 2 and 3.
legendary
Activity: 2030
Merit: 1569
CLEAN non GPL infringing code made in Rust lang
The good news is that there is going to be a method to boot Braiins OS from an sd card, and then while that is running, flash the controller's NAND storage from it so you could then take out the card move the jumper back and keep running Braiins OS. THEN, you could use the bOS to factory procedure to go back to an older factory release. A bit convoluted, but a solution none the less.

While its technically possible to do it right now, it is undocumented so please wait for future bOS releases that will document and expose this new install method in their UI.

Here are some tidbits, but please don't try it yet by yourself, you don't want a brick!

Quote from: Jan Čapek
For the time being, there is a workaround. We DO have a utility call bos2bos.py. It is intended for development purposes. However, it is able to remotely flash a machine that is running bOS SD card to a NAND version.

We will include this anti-evil feature into April/May update

So be patient that once again the free open source community is bringing out a solution.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
So i already did this, only two of my three hashboards show status? Am i eff’d? I am also running 2 bitmain 1600W psu’s to run my antminer and it is on low power enhanced. It seems like it’s the only setting it works on. Somebody help!

2 x 1600 is a lot of overkill. Did you have 2 of them plugged into 1 board or did you have 1 running 2 boards and the other doing 1?

The danger of running on 2 psu's is 2 fold.

1) If the one running the controller goes offline the fans stop spinning. The hash board that still has power now has no cooling.
2) If you plug 2 separate psu's into one board you are now feeding in 12V from 2 separate 12V rails

With that being said. You can always try to revert to an older firmware:

https://support.bitmain.com/hc/en-us/articles/360019493654-S9-series-S9-S9i-S9j-S9-Hydro-Control-Board-Program-Recovery

Standard disclaimer: If you are not sure what you are doing don't do it. If you mess it up and brick your miner don't yell at me. You are doing this at your own risk.

Now that the lawyer talk is done.

I have not installed the new firmware but I have had it with some of the older ones where 1 board would drop out and going from firmware to firmware would fix it eventually.

-Dave
newbie
Activity: 17
Merit: 0
So i already did this, only two of my three hashboards show status? Am i eff’d? I am also running 2 bitmain 1600W psu’s to run my antminer and it is on low power enhanced. It seems like it’s the only setting it works on. Somebody help!
legendary
Activity: 4592
Merit: 1851
Linux since 1997 RedHat 4
When you have a networked machine with a full-OS controller, you get access. There is no good reason to lock someone out of his own hardware.

It's bad enough that they had full voltage control as far back as the second-version S7 without ever making it open. And building ASICBoost into the S9 from the start then waiting two years to make it open. And then speed-locked autotune firmwares, and the perpetual violation of open-source licensing on everything they've ever shipped out. And let's not get started on selling dust-filled machines as new, allegations of charging for old hardware while mining on new to steal further profits from cloud-mining contracts, and the various BitCH fork and pump and trade-war fiascos. When you already demonstrably can't trust a manufacturer, giving them a pass while working to remove transparency and user control even further is unacceptable.

Maybe it won't affect most folks directly. But the precedent should still cheese us off.
Yep they've been doing this for 5 or 6 years, (even I've posted about these issues on many occasions over the last 5-6 years) and over those years Bitmain have grown larger and most people on the forum have bought their miners, and DIRECTLY helped Bitmain do what they have done.

Actually I find it pretty hypocritical of these people complaining about this one particular change Bitmain has made, but they've bought Bitmain miners with ALL the other issues well known and have DIRECTLY helped Bitmain do this.

Oh well.
copper member
Activity: 658
Merit: 101
Math doesn't care what you believe.
Maybe it won't affect most folks directly. But the precedent should still cheese us off.

And it has... I refuse to by any new Bitmain gear and have been removing the 2019 firmware as I do annual maintenance on machines. 

legendary
Activity: 2030
Merit: 1569
CLEAN non GPL infringing code made in Rust lang
When you have a networked machine with a full-OS controller, you get access. There is no good reason to lock someone out of his own hardware.

It's bad enough that they had full voltage control as far back as the second-version S7 without ever making it open. And building ASICBoost into the S9 from the start then waiting two years to make it open. And then speed-locked autotune firmwares, and the perpetual violation of open-source licensing on everything they've ever shipped out. And let's not get started on selling dust-filled machines as new, allegations of charging for old hardware while mining on new to steal further profits from cloud-mining contracts, and the various BitCH fork and pump and trade-war fiascos. When you already demonstrably can't trust a manufacturer, giving them a pass while working to remove transparency and user control even further is unacceptable.

Maybe it won't affect most folks directly. But the precedent should still cheese us off.

Furthermore this is removing features originally present when bought. Was this even written in the upgrade notes? No, it wasn't. This is disrespectful to their customer base to say the least.



"Enhance security" = You won't be allowed SSH access into your Asic miner anymore.
If they respected their customers, it should have been optional, with an option exposed in the web ui to disable it.
legendary
Activity: 3374
Merit: 1859
Curmudgeonly hardware guy
When you have a networked machine with a full-OS controller, you get access. There is no good reason to lock someone out of his own hardware.

It's bad enough that they had full voltage control as far back as the second-version S7 without ever making it open. And building ASICBoost into the S9 from the start then waiting two years to make it open. And then speed-locked autotune firmwares, and the perpetual violation of open-source licensing on everything they've ever shipped out. And let's not get started on selling dust-filled machines as new, allegations of charging for old hardware while mining on new to steal further profits from cloud-mining contracts, and the various BitCH fork and pump and trade-war fiascos. When you already demonstrably can't trust a manufacturer, giving them a pass while working to remove transparency and user control even further is unacceptable.

Maybe it won't affect most folks directly. But the precedent should still cheese us off.
legendary
Activity: 4592
Merit: 1851
Linux since 1997 RedHat 4
When you have hundreds, you assign their IPs based on their racks and put a sticker on them ...
copper member
Activity: 658
Merit: 101
Math doesn't care what you believe.
The only valid reason IMO for wanting access is to fix the API access, but you can get around that also by changing the software to use what is available.
If your miner needs rebooting via the API every few hours, then there's something wrong with the miner.

SSH is also very handy for issuing "poweroff".  Since S9s have no indicator function, powering off a miner via SSH allows you to locate it, or a batch of "its", simply by looking for the S9s that do not have a blinking green light.
legendary
Activity: 4592
Merit: 1851
Linux since 1997 RedHat 4
It has 2 settings, as far as I know, from people who commented about it.

One for AB and another for lower frequency.

Not sure if you can use the lower freq without the AB setting (though wouldn't make any sense to do that), but both together end up with better results in the J/H arena at a lower hash rate.

i.e. anyone considering throwing them away, may still get use out of them with both settings on.
legendary
Activity: 4256
Merit: 8551
'The right to privacy matters'
braiins software is pretty good. once it is installed.

But I have 22-25 s9's and only 2 are using braiins.  I just did not bother switching out the other s9's>

I use bitmain's  9.5 th setting and their 13.5 th setting  depends if s9 lets me use the 13.5 I have a few that like to run on the 9.5th setting.

As for braiins  I do 10.05 th and 815 watts the 2  machines run pretty good on that.

I won't do the 2019 firmware since it locks the s9's down and I don't see what is better Ie does the 2019

do  10 th and 750 watts

does it do  13th and 1100 watts

If it did I would use the 2019 firmware.

Meaning if I lock my gear down I want to gain something for it.
legendary
Activity: 4592
Merit: 1851
Linux since 1997 RedHat 4
I'm not sure why you say 'hostile'

Truck loads of people bought T1s that locked you out of both ssh and even direct API access.
The key wasn't released until a LONG time after the T1 existed.

I think you'll find that not too many people care and those that do just want to run hack firmware that is, basically, a waste of time, and bad for the miner and owner.

The only valid reason IMO for wanting access is to fix the API access, but you can get around that also by changing the software to use what is available.
If your miner needs rebooting via the API every few hours, then there's something wrong with the miner.
legendary
Activity: 2030
Merit: 1569
CLEAN non GPL infringing code made in Rust lang
From various sources i have confirmed that if you update your firmware from Bitmain to any version from 2019, you will lose SSH access. This is the same thing they tried with the S15.

Quote from: Jan Čapek
We have this confirmed from one of the users. These are clearly evil intensions as they are taking away functionality from the user

they added the signing as on S15, which itself is good if it wouldn't lock people out

Hopefully someone will find ways to overcome this, but its clear Bitmain is becoming very hostile to their customers. Beware to not upgrade any Antminer's firmware beyond 2018.


Known methods to overcome this:

Remotely via software (closed source):


Physically using:

  • TF (microSD) card:

  • Serial port:
Jump to: