Bitcoin Forum
September 20, 2018, 04:02:55 PM *
Author Topic: Ebit e9 miner with 6.8Th/s from Ebang company a new rival for existing producers  (Read 62566 times)
smartass111
December 04, 2017, 11:17:03 PM
 #421

Why would people pay for firmware that will just damage the unit? Overclocking asics is just plain stupid. Even if they survive the machine will drop the s7 levels of efficiency. Also it sounds like none of these guys understand how the fan controls work, yet another failure point. Also, $15 per unit for firmware? fuck you.

Try it for free, your rep is good enough for that. If you think then that this work doesn't deserve some fee - okay then.
There is only ability to overclock, and ssh added - for everything else you decide how to use.

And you always can keep using second bank

As for proof against unit damage etc - I recorded video with ebit e9+ updating using this FW
https://drive.google.com/file/d/1-1HbVozjc4P5d9ybRoF7bphFoJIvQG57/view

And sadly to hear such words since I also provided detailed steps how to get that access yourself without any fees. But it takes time per unit and requires some skills (you can ask how much that cost in any laptop/cellphone repair shop)


About fans. they are controlled directly by miner software (it is separate module), not by linux OS
all I understood - in latest FW (40, 42) they try to keep temp around 60C for the hottest board (this value is set in one of config files)
to control fan speed on your own I see 3 options
- keep using existing control, play with available settings
- rewrite and rebuild own cgminer (very hard work in general)
- external control (detach blue wire for max cooling, buy/develop some 555-based microchip circuit and attach it to the wire)

more about access, what you get as a user:
- ability to upload new FW even with broken UI
- ability to restart unit remotely
- ability to change webUI password
- ability to restart just hanging UI
- secure it a little bit if you want (snmp, firewall etc)
- explore things if you are a little bit familiar with linux

say thanks:
BCH 182kTk7ziJoSjVENuADGVTShCUx3Qq6GAK
73blazer
December 04, 2017, 11:32:33 PM
 #422

Why would people pay for firmware that will just damage the unit? Overclocking asics is just plain stupid. Even if they survive the machine will drop the s7 levels of efficiency. Also it sounds like none of these guys understand how the fan controls work, yet another failure point. Also, $15 per unit for firmware? fuck you.

I think the object was to secure the thing, not so much to overclock it. They come shipped with admin/admin for the web interface with no way to change it, damn near wide open snmp active, and no ssh access so you can't administer them en masse very easily without remote command line access, not to mention there is no way to shut them off remotely without ssh, so if you sent your miner to a farm for cheaper power or you're away for weeks at a time from your miners and the price of BTC drops dramatically...people want a way to shut the thing off.
I believe I posted many days ago on the very subject of "why do you want to overclock it" and all the caveats with overclocking your asics, and also on the subject of "why do you want to take control of your fans" when the manufacturer seems to have gone through great lengths to keep very specific control on the fans.
But, some people want to overclock and mess with their fans anyway, who is anyone to judge them. Maybe they just want to play, learn, maybe they don't care about efficiency or lifespan, who knows. It's their miner, they can do what they wish with it.
naka.s
December 05, 2017, 06:18:56 PM
 #423

Why would people pay for firmware that will just damage the unit? Overclocking asics is just plain stupid. Even if they survive the machine will drop the s7 levels of efficiency. Also it sounds like none of these guys understand how the fan controls work, yet another failure point. Also, $15 per unit for firmware? fuck you.

I think the object was to secure the thing, not so much to overclock it. They come shipped with admin/admin for the web interface with no way to change it, damn near wide open snmp active, and no ssh access so you can't administer them en masse very easily without remote command line access, not to mention there is no way to shut them off remotely without ssh, so if you sent your miner to a farm for cheaper power or you're away for weeks at a time from your miners and the price of BTC drops dramatically...people want a way to shut the thing off.
I believe I posted many days ago on the very subject of "why do you want to overclock it" and all the caveats with overclocking your asics, and also on the subject of "why do you want to take control of your fans" when the manufacturer seems to have gone through great lengths to keep very specific control on the fans.
But, some people want to overclock and mess with their fans anyway, who is anyone to judge them. Maybe they just want to play, learn, maybe they don't care about efficiency or lifespan, who knows. It's their miner, they can do what they wish with it.


It is always good to do some R&D, just make sure the equipment has cost you some money and there is a lot to be made out of the devices.
tekcomm
December 05, 2017, 07:11:13 PM
 #424

Quote from bitmain:

"We hereby declare that this function is designed for those mine workers who trust their miners to a mining plant, to allow them to remotely shut down miners when miners are stolen or detained without permission, and meanwhile to provide tracing clues to the law enforcement agency. Just like the function of remote removal and shutdown provided by many smartphone manufacturers, Bitmain will never employ the function without miners’ permissions. This feature is especially important when thefts or mine staffs’ delinquency happen in mining plants."

I already found similar code in the ebang miners and posted it to the forum.

onegiantcock
December 06, 2017, 02:35:41 PM
 #425

Smartass11 is only asking for $15 and actually provides something useful. AVOID TEKCOMM - he is a threat to you and your miners. He's a blackhat punk hacker who poses as being helpful - asks for $50+ to install his "honest mistake" malware so he can steal from you some more. Then gives grade school bullshit excuses and after he gets paid.  The very definition of a SCAMMER.
freegeek
December 06, 2017, 03:45:10 PM
 #426

All, there is no need to pay someone for some fancy firmware, put your miners behind a stateful firewall like a Ubiquiti EdgeMAX ($70) and just block all inside to outside IP connections that have nothing to do with the pool you are using. Manage your miners via an encrypted VPN (Ubiquiti supports SSL and IPsec) and you are golden.
smartass111
December 06, 2017, 04:21:40 PM
 #427

All, there is no need to pay someone for some fancy firmware, put your miners behind a stateful firewall like a Ubiquiti EdgeMAX ($70) and just block all inside to outside IP connections that have nothing to do with the pool you are using. Manage your miners via an encrypted VPN (Ubiquiti supports SSL and IPsec) and you are golden.

Actually if you are running miners behind some NAT (in internal network behind router) - you don't need to worry about firewall I think

You may worry about China soft itself (inbound connections that cgminer makes) - for example there are China pools hardcoded for sure

Just now ssh is just a very very handy way to manage your miners remotely. And some insurance for cases when WebUI went down.
Maybe some more things and modifications will come in future (like nxsub support or fan control)

say thanks:
BCH 182kTk7ziJoSjVENuADGVTShCUx3Qq6GAK
73blazer
December 07, 2017, 09:04:50 AM
 #428

When I turned on packet monitor, during dwang startup I've found they are reporting or trying to report something to:
get ipaddr : 114.215.172.52officail name : e.g703.cn
their_ipaddr =114.215.172.52


that IP.
It comes back to some
Aliyun Computing Co.
City:
   Hangzhou
Country:
   China

It's live, you can ssh there.
I made a policy on my main router to send that address to oblivion.
smartass111
December 07, 2017, 11:11:07 AM
 #429


I created FW based on 6.0.20.40. You can download it here
https://www.dropbox.com/s/f05u5oantyk45ki/btc_upgrade_6.0.20.40_mod_root.tar.gz?dl=0
https://drive.google.com/file/d/1IxlJSVQ9RT4VQ7gMhDwIjdOo6MH-4p1Z/view?usp=sharing
please double check sha1hash after downloading
b3a851093dc13eafe3e0f48bc0f2557c21ad2267  btc_upgrade_6.0.20.40_mod_root.tar.gz

I see unclaimed root password changes. Don't be shy, ask for them in PM or here (provide mac address and time you rebooted your miner after flashing)

say thanks:
BCH 182kTk7ziJoSjVENuADGVTShCUx3Qq6GAK
freegeek
December 07, 2017, 12:15:24 PM
 #430

All, there is no need to pay someone for some fancy firmware, put your miners behind a stateful firewall like a Ubiquiti EdgeMAX ($70) and just block all inside to outside IP connections that have nothing to do with the pool you are using. Manage your miners via an encrypted VPN (Ubiquiti supports SSL and IPsec) and you are golden.

Actually if you are running miners behind some NAT (in internal network behind router) - you don't need to worry about firewall I think

You may worry about China soft itself (inbound connections that cgminer makes) - for example there are China pools hardcoded for sure

Just now ssh is just a very very handy way to manage your miners remotely. And some insurance for cases when WebUI went down.
Maybe some more things and modifications will come in future (like nxsub support or fan control)


Yes you should. These things are shipped with a firmware that is basically a black box, it makes a connection from the inside to the outside. There is a very big misconception that NAT is a security feature
smartass111
December 07, 2017, 12:44:52 PM
 #431

Yes you should. These things are shipped with a firmware that is basically a black box, it makes a connection from the inside to the outside. There is a very big misconception that NAT is a security feature

I meant that nobody can control your miner using web/ssh/snmp behind NAT

Of course SW you have running inside OS behind NAT can connect somewhere and after that receive commands

say thanks:
BCH 182kTk7ziJoSjVENuADGVTShCUx3Qq6GAK
73blazer
December 07, 2017, 05:22:44 PM
 #432

127.0.0.1 it.



I made a rule on my firewall to deny packets from my miner group addresses out to any of these hardcoded BS sites. The nice thing about that is the firewall keeps track of how many times it was denied and you can see those stats.
So far, hm.baidu.com was only once, it doesn't seem to get called on every page load. The e.g703.cn (114.215.172.52) gets hit every time dwang starts, this one looks bad, it's definitely reporting some crap to this site.
Also hardcoded in dwang are several hidden pools, I denied all those too based on FQDN.
stratum+tcp://stratum.f2pool.com:3333
stratum+tcp://stratum.haobtc.com:3333
stratum+tcp://vipebite.btcxo.com:3334
stratum+tcp://stratum.btcchina.com:3333

None of those have been hit though, I think they may only exist to auto fill the details, when you go to the miner config webpage it has radio buttons for haobtc and btcchina (but not the other two???!?!?!?) ... but the rule to deny stays! We'll see if they get hit attempts over time
73blazer
December 07, 2017, 10:18:01 PM
 #434

Actually I just added a rule to allow to my pools and deny everything else.
The deny everything else has produced about 8 denials/hr/miner to various places, most of which you can ssh to and get a prompt. WTF ebang!?!?!?!?
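
The per-rule deny counters described in these posts can be broken down by miner and destination. An added example (not from the thread), assuming a Linux router whose catch-all deny rule is logged by iptables with the prefix "MINER-DENY"; the prefix, the ipset name, the miner addresses, the ports and the log lines are all constructed for illustration:

```sh
#!/bin/sh
# Added example: summarise what the catch-all deny rule blocked, per miner.
# Assumed rules (placeholders; "minerpools" is a hypothetical ipset of pool IPs):
#   iptables -A FORWARD -m iprange --src-range 192.168.1.40-192.168.1.50 \
#            -m set --match-set minerpools dst -j ACCEPT
#   iptables -A FORWARD -m iprange --src-range 192.168.1.40-192.168.1.50 \
#            -j LOG --log-prefix "MINER-DENY "
#   iptables -A FORWARD -m iprange --src-range 192.168.1.40-192.168.1.50 -j DROP

# summarize_denies [TAG]: read kernel log lines on stdin and print
# "count src -> dst:port", most frequent first.
summarize_denies() {
    awk -v tag="${1:-MINER-DENY}" '
        index($0, tag) {
            src = ""; dst = ""; dpt = "-"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i ~ /^DST=/) dst = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "" && dst != "") seen[src " -> " dst ":" dpt]++
        }
        END { for (k in seen) printf "%d %s\n", seen[k], k }
    ' | sort -k1,1nr -k2,2
}

# private_destinations: from a summary on stdin, keep entries whose destination
# is RFC 1918 space, i.e. addresses that only exist on somebody's internal LAN.
private_destinations() {
    awk '$4 ~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/'
}

# Constructed log lines in iptables LOG format. 114.215.172.52 is the address
# reported in the thread; the ports and 192.168.8.20 are made up.
sample_log() {
    cat <<'EOF'
Dec  7 22:01:10 gw kernel: MINER-DENY IN=eth1 OUT=eth0 SRC=192.168.1.41 DST=114.215.172.52 LEN=60 PROTO=TCP SPT=40112 DPT=80
Dec  7 22:01:11 gw kernel: MINER-DENY IN=eth1 OUT=eth0 SRC=192.168.1.41 DST=114.215.172.52 LEN=60 PROTO=TCP SPT=40113 DPT=80
Dec  7 22:01:12 gw kernel: MINER-DENY IN=eth1 OUT=eth0 SRC=192.168.1.42 DST=114.215.172.52 LEN=60 PROTO=TCP SPT=51200 DPT=80
Dec  7 22:01:15 gw kernel: MINER-DENY IN=eth1 OUT=eth0 SRC=192.168.1.41 DST=192.168.8.20 LEN=60 PROTO=TCP SPT=40120 DPT=8080
Dec  7 22:03:00 gw kernel: OTHER IN=eth1 OUT=eth0 SRC=192.168.1.9 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=1 DPT=443
EOF
}

sample_log | summarize_denies
```
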
73blazer
December 07, 2017, 11:09:58 PM
 #435

Has anyone tried to just compile cgminer for arm and see if it picks up the asics on that thing? Never looked into how the mining software actually works, not sure how they talk to the asics.
the dwang crap really needs to go, dirty dirty stuff.
73blazer
December 08, 2017, 03:52:34 AM
 #436

#!/bin/bash
echo "#################Create new auth.conf and snmpd.conf to secure your ebit miner ##########"
echo
echo -n "Enter Username: "
read -r user
# authpass arguments: realm, user name, role
./authpass --cipher md5 --file auth.conf example.com "$user" administrator

echo "New auth.conf created"
echo
cat auth.conf
echo
# Quoted so the separator is printed instead of being parsed as a comment
echo "##########################################################################################"
echo "Create snmpd.conf ReadOnly/ReadWrite Password"
echo -n "Enter SNMP ReadOnly Community: "
read -r rocomm
echo

echo -n "Enter SNMP ReadWrite Community: "
read -r rwcomm

# Write each community string to the directive it was entered for
echo "rocommunity $rocomm" > snmpd.conf
echo "rwcommunity $rwcomm" >> snmpd.conf

echo "New snmpd.conf created"
cat snmpd.conf
echo
echo "#If you would like to help free cgiminer and its api access from the evil ebit empire"
echo "#Please send donations too: 19ZMUgy5KGucLWiehQbo3rzwXWX3EPZpqT .005 btc or more please"


No need for authpass, it's just a md5 hash with no endline/newline char on it in the form of
admin:example.com:yourpasswd
Because they run appweb under the domain example.com, you can change that too in appweb.conf
Don't use a colon in your password!!! Appweb idgits.

Code:
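echo
echo "Appweb auth.conf password generator"
echo
echo
# printf instead of echo "...\c": not every shell's echo honours \c
printf "Enter userid (no colons!): "
read -r nuser
printf "Enter new Password (no colons!): "
read -r npass
# A colon would add an extra field to user:realm:password
case "$nuser$npass" in *:*) echo "No colons allowed"; exit 1 ;; esac
echo "Generating appweb hash for user: $nuser password [$npass]....."
# MD5 of user:realm:password with no trailing newline; keep only the hex digest
hash=$(printf '%s' "${nuser}:example.com:${npass}" | openssl md5 | awk '{print $NF}')
echo =================
echo "Your new Hash is : $hash"
echo =================
echo
echo "Place this line in your auth.conf:"
echo =================
# The hash covers the user name, so the line must name the same user
echo "User $nuser $hash administrator"
echo =================
echo
exit 0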

I thought about ditching the resolv.conf too, but that seems rather brute-force-ish. The rule on the firewall works great, allow out to your pools via FQDN so you don't need to manage the round-robin IPs the pools use, then deny all outbound from your miner group addys.
#    From   To    Priority   Source           Destination   Service   Action   Users
36   LAN    WAN   1          EbitMiner40-50   MinerPools    Any       Allow    All
37   LAN    WAN   9          EbitMiner40-50   Any           Any       Deny     All
I have defined on my firewall/router the EbitMiner40-50 address object as a range of addresses that only the miners fall in and the MinerPools address object as my pools by name, the router will keep track of the various IPs associated with those names
I've had a running trace on 37 to show me exactly what's being blocked..
After dwang is going, nothing, but during dwang startup..watch out, it wants to connect to all kinds of internet IPs, as well as many 192.168 internal IPs they must be using in their development office.

I would HIGHLY recommend anyone with an ebang miner to create that rule-set on their firewall. It won't affect its operation, there's no hack or code required and you don't need to touch your miners or break into them, just some rules to box in your miners so they can only talk to your pools, and keeps your miner from reporting all kinds of stuff to various entities in China.
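
Once auth.conf has been regenerated, the same user:realm:password digest can be used to confirm that the shipped admin/admin login is really gone. An added example (not from the thread), assuming the "User name hash role" line format and the example.com realm given in the post above; the function names and the sample file are constructed for illustration:

```sh
#!/bin/sh
# Added example: check an Appweb auth.conf for the shipped web-UI password.
# Line format assumed from the thread: "User <name> <md5(name:realm:password)> <roles>"
REALM="example.com"          # realm the posts say appweb runs under

# md5_hex: MD5 of stdin as bare lowercase hex, using whichever tool exists.
md5_hex() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum | awk '{print $1}'
    else
        openssl md5 | awk '{print $NF}'
    fi
}

# auth_hash USER PASSWORD: digest over user:realm:password, no trailing newline.
auth_hash() {
    printf '%s:%s:%s' "$1" "$REALM" "$2" | md5_hex
}

# auth_line USER PASSWORD: emit an auth.conf line; refuse colons because the
# colon is the field separator inside the hashed string.
auth_line() {
    case "$1$2" in
        *:*) echo "colon not allowed in user or password" >&2; return 1 ;;
    esac
    printf 'User %s %s administrator\n' "$1" "$(auth_hash "$1" "$2")"
}

# find_default_logins FILE [PASSWORD...]: print every user whose stored hash
# equals the hash of a listed password (default list: the shipped "admin").
find_default_logins() {
    conf=$1; shift
    [ "$#" -gt 0 ] || set -- admin
    while read -r kw user hash roles; do
        [ "$kw" = "User" ] || continue
        for pw in "$@"; do
            if [ "$(auth_hash "$user" "$pw")" = "$hash" ]; then
                printf '%s\n' "$user"
                break
            fi
        done
    done < "$conf"
}

# Constructed sample: one account still on the default, one already changed.
sample_conf() {
    auth_line admin admin
    auth_line ops 'n0t-the-default'
}

tmp=$(mktemp) && sample_conf > "$tmp"
find_default_logins "$tmp"
rm -f "$tmp"
```
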
freegeek
December 08, 2017, 05:03:45 AM
 #437

So you're telling me that the client that you use to connect to it does not allow connections to the miners. The exploit is in the appweb code itself in the firmware.
You------------------------> Miner
You----Fetch Code-----> Miner.
Does not matter what the Miners are behind because the code is run from the connecting client and then executed on the Miner.
Does not matter what the miners are behind or if you use a vpn to connect to them.
So, unless you invalidate all ssl certified servers the code has already run. On every page on every miner you have connected to.
Now is when you say. "Oh Shit".

And for those of us with S9's yea here's the mea culpa from bitmain about their backdoor.
https://enforum.bitmain.com/bbs/topics/4194


You got it, you are definitely not a complete idiot like smart-ass.

Smiley
Here, to remove the remote exploit of the ebang miners try running this batch file.
Your firewalls are useless against ebang's remote exploit. Here is how to disable it on a per machine basis.
Check every version of firmware with fgrep -r baidu . You will find it in all of them
This is for both windows and windows 64 bit version. Linux users well we already know.
When you can remotely change any javascript variable on a page via remote execution it's a bad thing mkay.

https://pastebin.com/raw/euPTXM1g

Update on the last bomb run on root, Currently the mask of 0X00EE-0X00FF on the 16 range pinyin for the root password has begun.

Smartass1 don't bother the code is in batch file and may be too complex for you.
How to tell a smartass is a dumbass, simple a dumbass can at least use cabextract to get one fucking file and follow directions.
Blob conversion of the s9's has begun to be fully gpl compliant.
Don't bother donating to me I'll collect the bounties Smiley

All, there is no need to pay someone for some fancy firmware, put your miners behind a stateful firewall like a Ubiquiti EdgeMAX ($70) and just block all inside to outside IP connections that have nothing to do with the pool you are using. Manage your miners via an encrypted VPN (Ubiquiti supports SSL and IPsec) and you are golden.

Actually if you are running miners behind some NAT (in internal network behind router) - you don't need to worry about firewall I think

You may worry about China soft itself (inbound connections that cgminer makes) - for example there are China pools hardcoded for sure

Just now ssh is just a very very handy way to manage your miners remotely. And some insurance for cases when WebUI went down.
Maybe some more things and modifications will come in future (like nxsub support or fan control)


I'm a security network engineer, they can put whatever code in what they want, if I only allow connections from my miners to the public IP addresses I choose (pool of my choice) then these miners can not phone home.
73blazer
December 08, 2017, 06:45:07 PM
 #438

I am going to explain this one last time. This is third and last time I will explain it. It's going to be long winded and complex.

Let's say burn out a miner remotely. Better burn your house down in honor of the
Talking Heads "Burning Down the House"
This Miner will self destruct in 10 seconds


A. You connect to your miner Smiley

B. Appweb sends back the esp file with a little surprise before you finish clicking the submit button on login.

C. It's not the miners that are connecting out, it's the machine you're using a browser with.

Let's look a little closer.

fgrep -r baidu
Binary file cache/view_cbb7866fb91eccef78994dc93adea6fb.so matches
Binary file cache/view_fb23b72a36b7b4dbe70628d8cca96ed0.so matches
Binary file cache/view_c767ad3476fed9929b188b80cfbb45cb.so matches
Binary file cache/so.tar.gz matches
Binary file cache/view_035f15cc8bbe24799d3e54770f8d8295.so matches
Binary file cache/view_61b0e78a6f6e04dc3fe24ce0b7cf8e4f.so matches
Binary file cache/view_1e6f4c0c0a10cbe7cfc371f4f1d38e6c.so matches
Binary file cache/view_3a2b7a533e83e2d61b2cad29bb4b187e.so matches
Binary file cache/view_f77f36b0d78321b044f0e296a2c667a2.so matches
Binary file cache/view_afc502e1aa9bcff357e9eb694dabe642.so matches
Binary file cache/view_4d4d2036351546190541ac2a32bcc383.so matches
Binary file cache/view_53ea0d6735e4fb0329c094a648870277.so matches
Binary file cache/view_f6669d1b369196a904ea1967e72739a2.so matches
Binary file cache/view_b2068302aa7479365676d89b37de0a1e.so matches
Binary file cache/view_6f60de3de9ffb67d1f2e97f4b428386d.so matches
Binary file cache/view_04f9c7da622b21b96049f15706d92938.so matches

web/Ethernet/IPEthernetPort.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/Ethernet/IPEthernetPort_en.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/Cgminer/CgminerStatus.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/Cgminer/CgminerConfig_en.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/Cgminer/CgminerStatus_en.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/Cgminer/CgminerConfig.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/admininfo/getadmininfo.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/admininfo/getadmininfo_en.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/alarm/AlarmManagement.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/Status/SystemStatusRpm_en.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/Status/SystemStatusRpm.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/update/help.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/update/help_en.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/update/update_en.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
web/update/update.esp:document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));


Before the browser can render a page, it has to build the DOM tree by parsing the HTML markup. Whenever the parser encounters a script it has to stop and execute it before it can continue parsing the HTML. If the script dynamically injects another script, the parser is forced to wait even longer for the resource to download, which can incur one or more network roundtrips and delay the time to first render of the page. Now If you connect to the miner and are retrieving a javascript file from them is it run on the miner noooooo.
It is run on the client. Or the big box that has monitor you connect to miner with.

So thank you Mr Security engineer. A fucking firewall in front of every miner will not catch it because.

A. It's ssl encrypted because it's sent from your client.
B. uses your pc that you like to whatever on to get the code.
C. Since it uses javascript you can get/alter/inject or turn off your fans and start your house on fire. Smiley

Let's create a little sample exploit to Hmm ahh change your mining pool remotely. Then Hmm set your asics on fire.
First lets disable the submit button

// Disable submit_callback submit buttons redirect to the ajax code to rewrite the variables and submit to the appweb controller after login in
$form['submit'] = array(
);

We have not logged in yet Smiley

Now as you click any code It can basically take any variable and change it like this.
Lets start with the meltdown

         Turn off all those pesky safety features, Like turn your fans on low and disable the auto shutdown
        
         $.post("/alarm/SetAlarmthreshold"

                        setValue("cgminertasknoanswer",data.feedback["cgminertasknoanswer"]);
                        setValue("tempalarmvalue",data.feedback["tempalarmvalue"]);
                        setValue("deviceclosetempvalue",data.feedback["deviceclosetempvalue"]);
                        setValue("devicesllowalarm",data.feedback["devicesllowalarm"]);

         Disable your fan,
                        setValue("devicefan",data.feedback["devicefan"]);  // device fan
                        setValue("devicefan2",data.feedback["devicefan2"]);

         Set your PLL to the MAX:
                       setValue("pllconfig",data.feedback["pllconfig"]);

Now that your temp is disabled but it shows it's normal, your fan is set to low, your asics are set to high.
Remember this is a simple example you can do a lot more.
Because of this is on every page and

<script type="text/javascript">
var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));

Now as you connect to the web interface and it pulls their javascript. Your miner has been turned into giant bic lighter.

Black hole the address. This is like one of the more simple back doors.

You disabled/killed off your appweb, I thought. I still use the appweb, but I got rid of all this crap from the esp files in my "firmware". The miners are still trying to talk to at least two entities in China when dwang starts up, it's still a good idea to box your miners in by firewall, IMHO. tekcomm is right though, those esp files are also loaded with phone home crap that is executed on the browser/machine you're using to connect to your miner. (If you haven't cracked your miner, all you have to do is view source on the frame in the web pages and you can see the stmts that are making your client machine connect to outside sources.)
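
To audit an unpacked firmware image for this kind of include without grepping for one vendor name, the search can be widened to every remote host named in a script tag, plain or %3Cscript-escaped. An added example (not from the thread); the function names are made up, the sample files are constructed from the lines quoted above, and cdn.example.net is a placeholder host:

```sh
#!/bin/sh
# Added example: list every remote host that the web UI's pages tell the
# administrator's browser to load script from.
SCRIPT_RE='(<|%3C)script[^>]*src'                 # plain or URL-escaped script tag
HOST_RE="(//|[\"'])([a-z0-9-]+\\.)+[a-z]{2,}/"    # host right after // or a quote

# scan_external_scripts DIR: print "file<TAB>host", one pair per line.
# Heuristic: a quoted relative path such as "lib.ui/x.js" would also be reported.
# Binary files (the compiled cache/*.so views) are skipped by grep -I.
scan_external_scripts() {
    grep -rIlEi "$SCRIPT_RE" "$1" 2>/dev/null | sort |
    while IFS= read -r f; do
        grep -Ei "$SCRIPT_RE" "$f" | grep -oEi "$HOST_RE" |
        sed -e 's|^//||' -e "s|^[\"']||" -e 's|/$||' |
        tr 'A-Z' 'a-z' | sort -u |
        while IFS= read -r host; do
            printf '%s\t%s\n' "$f" "$host"
        done
    done
}

# external_hosts DIR: just the distinct hosts, e.g. to review or block.
external_hosts() {
    scan_external_scripts "$1" | cut -f2 | sort -u
}

# Constructed sample tree modelled on the grep output quoted in the thread.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/web/Cgminer" "$d/web/update"
    cat > "$d/web/Cgminer/CgminerStatus.esp" <<'EOF'
<script type="text/javascript">
var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));
</script>
EOF
    cat > "$d/web/update/update.esp" <<'EOF'
<script type="text/javascript" src="/js/jquery.min.js"></script>
<script src="//cdn.example.net/stats.js"></script>
EOF
    printf '%s\n' "$d"
}

tree=$(make_sample_tree) && scan_external_scripts "$tree" && rm -rf "$tree"
```

Locally served scripts such as /js/jquery.min.js are not reported, so anything the scan prints is a host the browser would contact while logged in to the miner.
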
smartass111
December 08, 2017, 08:07:39 PM
 #439

It is working pretty good without web app at all
For that you need to ssh into it and modify some startup files (here is already explained how)

Everything you need to set (pool addresses?), and get (temp, fan, rate?) - you can do it using snmp. At least no javascript in browser

say thanks:
BCH 182kTk7ziJoSjVENuADGVTShCUx3Qq6GAK


Before the browser can render a page, it has to build the DOM tree by parsing the HTML markup. Whenever the parser encounters a script it has to stop and execute it before it can continue parsing the HTML. If the script dynamically injects another script, the parser is forced to wait even longer for the resource to download, which can incur one or more network roundtrips and delay the time to first render of the page. Now, if you connect to the miner and are retrieving a JavaScript file from them, is it run on the miner? Noooooo.
It is run on the client, or the big box with a monitor that you connect to the miner with.

So thank you, Mr Security engineer. A fucking firewall in front of every miner will not catch it because:

A. It's SSL encrypted because it's sent from your client.
B. It uses your PC, that you like to whatever on, to get the code.
C. Since it uses JavaScript you can get/alter/inject or turn off your fans and start your house on fire. :)

Let's create a little sample exploit to, hmm, ahh, change your mining pool remotely. Then, hmm, set your ASICs on fire.
First let's disable the submit button

// Disable submit_callback submit buttons redirect to the ajax code to rewrite the variables and submit to the appweb controller after login in
$form['submit'] = array(
);

We have not logged in yet :)

Now as you click any code, it can basically take any variable and change it like this.
Let's start with the meltdown

         Turn off all those pesky safety features, Like turn your fans on low and disable the auto shutdown
        
         $.post("/alarm/SetAlarmthreshold"

                        setValue("cgminertasknoanswer",data.feedback["cgminertasknoanswer"]);
                        setValue("tempalarmvalue",data.feedback["tempalarmvalue"]);
                        setValue("deviceclosetempvalue",data.feedback["deviceclosetempvalue"]);
                        setValue("devicesllowalarm",data.feedback["devicesllowalarm"]);

         Disable your fan,              
                        setValue("devicefan",data.feedback["devicefan"]);  // device fan
                        setValue("devicefan2",data.feedback["devicefan2"]);  

         Set your PLL to the MAX:
                       setValue("pllconfig",data.feedback["pllconfig"]);  

Now that your temp is disabled but it shows it's normal, your fan is set to low and your ASICs are set to high.
Remember this is a simple example, you can do a lot more.
Because of this is on every page and

<script type="text/javascript">
var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F938ac8f30a6ec8c517f65bcdae695111' type='text/javascript'%3E%3C/script%3E"));

Now as you connect to the web interface and it pulls their JavaScript, your miner has been turned into a giant Bic lighter.

Black hole the address. This is like one of the more simple back doors.

You disabled/killed off your appweb, I thought. I still use the appweb, but I got rid of all this crap from the esp files in my "firmware". The miners are still trying to talk to at least two entities in China when dwang starts up; it's still a good idea to box your miners in by firewall, IMHO. tekcomm is right though, those esp files are also loaded with phone-home crap that is executed on the browser/machine you're using to connect to your miner. (If you haven't cracked your miner, all you have to do is view source on the frame in the web pages and you can see the stmts that are making your client machine connect to outside sources.)


My management station is equally behind a stateful firewall that blocks everything that is not needed, this includes all public Chinese (and Russian for that matter) address space.
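
For anyone auditing an unpacked firmware web tree for the off-device script includes shown in the grep output above, the following is an added example (not code from any poster in this thread or from the vendor). It percent-decodes the `document.write(unescape(...))` wrapper and lists the external hosts each file would make the browser load scripts from; the function names, the `SITE_ID` placeholder and the sample file are constructed, and treating a concatenated JS variable as the URL scheme is a heuristic assumption.

```python
import re
import sys
from pathlib import Path
from urllib.parse import unquote, urlparse

# Matches  " + someVar + "  inside a JS string expression. Heuristic: the
# variable is assumed to hold the URL scheme, as _bdhmProtocol does.
JS_CONCAT = re.compile(r"""["']\s*\+\s*[\w$.]+\s*\+\s*["']""")
SCRIPT_SRC = re.compile(r"""<script\b[^>]*?\bsrc\s*=\s*["']([^"'>]+)""", re.I)

# Constructed sample modelled on the grep hits; SITE_ID is a placeholder.
SAMPLE_ESP = '''<script src="/js/jquery.js"></script>
<script type="text/javascript">
document.write(unescape("%3Cscript src='" + _bdhmProtocol +
  "hm.baidu.com/h.js%3FSITE_ID' type='text/javascript'%3E%3C/script%3E"));
</script>'''


def external_script_hosts(text, allowed=frozenset()):
    """Return hosts of <script src> URLs that point off the device."""
    decoded = unquote(text)                 # undo the %3Cscript ... %3E hiding
    decoded = JS_CONCAT.sub("//", decoded)  # "..." + var + "..." -> //...
    hosts = set()
    for src in SCRIPT_SRC.findall(decoded):
        host = urlparse(src.strip()).hostname  # None for local paths
        if host and host not in allowed:
            hosts.add(host)
    return sorted(hosts)


def scan_tree(root, allowed=frozenset()):
    """Map each file under root to the external script hosts it references."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            # latin-1 never fails to decode, so compiled cache files are read too
            hosts = external_script_hosts(path.read_text("latin-1"), allowed)
            if hosts:
                findings[str(path.relative_to(root))] = hosts
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for name, hosts in scan_tree(sys.argv[1]).items():
            print(f"{name}: {', '.join(hosts)}")
    else:
        print(external_script_hosts(SAMPLE_ESP))
```

Run it with the unpacked web directory as the only argument; any host it prints is one to strip from the esp files or black-hole at the management station, as the posts above suggest.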