Topic: Warning: Latest Bitmain firmwares are being locked down and disabling ssh (Read 298 times)

newbie
Activity: 22
Merit: 0
I have a DR3 and unfortunately I didn't know about it. In good faith, I (although there was no reason) upgraded to the November fw. It is functional, but does not allow reducing the fan speed. I will never give a new Bitmain's shit fw for no reason.
Is there any new solution to get older fw into DR3? Or via SD card? It never worked for me on another Antminer. In addition, there are no jumpers on the DR3 control board for switching to the SD card, and I didn't find anything about that on the net.
Thank you!
newbie
Activity: 4
Merit: 0
Just curious... How would we go about breaking this? I might want to look into this and could post a step by step...
member
Activity: 504
Merit: 51
Folk,

Bitmain has decided to "fight back" against third party firmware on their units. Their most recent units are shipping with firmware that has ssh disabled and some firmware integrity checks in place to prevent you from installing another firmware. As of this post, the change is not in all of their firmwares, but they are adding it as they update them as best I can tell.

The checks are simplistic in nature, but effective because ssh is disabled by default.

I know this is the case on the new S/T15 units and it is the case on the latest (November?) DR3 firmware.... Once you move to that firmware, you cannot go to another one.

While this can easily be circumvented with physical access to a miner, it isn't something that is (as of yet) easily solvable with a normal firmware upgrade.

Net-net, don't upgrade to their latest firmwares without a good reason to (they don't release release notes).

Their method is embedded in the firmware upgrade's "runme" script, as well as the "upgrade" CGI script. It's a set of checks that look for a file signature against the script and if it matches via an openssl return code, the upgrade continues. If it doesn't, the upgrade fails with an "invalid signature" message.

Without SSH and/or serial console access to the units, fixing this is non-trivial, but not impossible.

I know how to go about breaking this, but I don't have any of the miners that are implementing this at the moment. My analysis so far has been a static analysis on their firmware files themselves... and I think they've done a simple but effective job.

I'll update this thread if/when I come up with some alternative ideas.

Thank you,

Jason
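
The kind of check the post above describes (a detached signature verified with openssl, with the upgrade gated on the exit status), shown as an added example that is not part of the original thread and is not Bitmain's code. The file names `vendor.key`, `vendor.pub`, `runme.sh` and `runme.sh.sig`, the RSA/SHA-256 choice and the function names are assumptions made for illustration; the key pair and script are constructed on the fly.

```shell
#!/bin/sh
# Added example: signature-gated upgrade check. File names and key paths are
# assumptions for illustration, not taken from any vendor firmware.

# verify_upgrade PUBKEY SCRIPT
# Returns 0 only when SCRIPT.sig is a valid SHA-256 signature over SCRIPT.
# The decision comes from openssl's exit status and fails closed on any error.
verify_upgrade() {
    pubkey=$1
    script=$2
    # A missing key, script or detached signature must never count as success.
    for f in "$pubkey" "$script" "$script.sig"; do
        [ -f "$f" ] || { echo "invalid signature" >&2; return 1; }
    done
    if openssl dgst -sha256 -verify "$pubkey" \
            -signature "$script.sig" "$script" >/dev/null 2>&1; then
        return 0
    fi
    echo "invalid signature" >&2
    return 1
}

# make_sample DIR: build a constructed key pair and a signed sample script.
make_sample() {
    dir=$1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/vendor.key" 2>/dev/null
    openssl pkey -in "$dir/vendor.key" -pubout -out "$dir/vendor.pub"
    printf '#!/bin/sh\necho "flashing"\n' > "$dir/runme.sh"
    openssl dgst -sha256 -sign "$dir/vendor.key" \
        -out "$dir/runme.sh.sig" "$dir/runme.sh"
}

# check_case DIR: print the verdict an upgrade handler would reach.
check_case() {
    if verify_upgrade "$1/vendor.pub" "$1/runme.sh"; then
        echo "accepted"
    else
        echo "rejected"
    fi
}

demo=$(mktemp -d)
make_sample "$demo"
echo "untouched package: $(check_case "$demo" 2>/dev/null)"
echo '# modified' >> "$demo/runme.sh"
echo "modified package:  $(check_case "$demo" 2>/dev/null)"
rm -rf "$demo"
```

Only the holder of the private key can produce a signature that passes, so a one-byte change to the script, or a missing signature file, ends in the "invalid signature" path.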