Feature, bug or backdoor? With Antbleed code, Bitmain can switch off Antminer by remote control!
The scandals around the Chinese ASIC manufacturer Bitmain do not stop. Yesterday a piece of code in the standard software of the S9 miner was revealed, through which the mining devices can be switched off from a distance. We talked to Bitmains Jihan Wu and a Canadian miner about the incident to create a little clarity. Bug or feature?
Yesterday the website Antbleed went.com online. The professionally designed page reveals a backdoor in the software of the new generation of Antminern. These are the most popular and efficient mining machines on the market. They are made by Bitmain, a Chinese Asic producer. Since Bitmins Antpool Bitcoin Unlimited produces blocks instead of Segwit, the company has been the goal of a digital permanent rage of the Bitcoin commutity.
a:hover img{box-shadow:0 0 20px 5px rgba(255,0,0,0.6);}
As the Antableed website explains, there is a section with a mysterious function. The miner “connects every 1 to 11 minutes with a central server every 1 to 11 minutes. Each connection transmits the serial number of the Antminer, the Mac address and the IP address.“Such a secret, the privacy -hurtful connection is questionable – but only the beginning of the drama: Because when the server returns the information“ false ”, the miner stops mining.
With this code, Bitmain can shut down any Antminer of the S9 series. As the website explains, the company can also control and shut down specific miners using a standard number or IP address. Since the call to the server is also written somewhat unsafe, man-in-the-middle attacks or large anti-dos providers like Cloudflare can attack and shut down the miners. All of this seems to be correct without any doubt.
a:hover img{box-shadow:0 0 20px 5px rgba(255,0,0,0.6);}
Only protection against the theft of miners?
I tried to move Jihan Wu from Bitmain to a comment on a chat. Shortly before I wanted to publish the article, he replied (with which I had to describe the whole text again). He admitted that the Antableed website is largely correct and explains what the code is all about:
“It is a feature that we are currently developing and that is still incomplete. It should help the owners of miners to locate their devices if they are hosted at a third party. If the miners are stolen or hijacked, the owner can use this feature to switch off the miner.”
a:hover img{box-shadow:0 0 20px 5px rgba(255,0,0,0.6);}
In a statement that Bitmain published more or less at the same time, the company explains why this feature was developed: “This happened after it has happened several times that a miner was stolen by a farm or has been kidnapped by its operators.“The website lists some incidents from 2014, 2015 and 2017, during which several thousand Antminians were collected by the hosting providers.
Because of technical problems, explains Jihan Wu, the feature was never completed. The fact that a malignant party is able to patch the code so that you can no longer shut down the miner makes it more or less worthless. If you admit that it is “a bug to leave the code and shut down the test server. We have now removed the code and published a new version of the firmware.”
a:hover img{box-shadow:0 0 20px 5px rgba(255,0,0,0.6);}
No killswitch, but a “phone call home” feature?
Before I chatted with Jihan Wu, I had a conversation with a Canadian miner about Antbleed. The miner wants to remain anonymous, so only so much: he sheats different cryptocurrencies and operates a mining farm with different devices, including Antminer S9. His explanations are partly invalid by the statement of Jihan Wu, but still throw an interesting light on the code for debate – and they provide alternative explanations for its purpose in case that you do not believe Bitmain.
a:hover img{box-shadow:0 0 20px 5px rgba(255,0,0,0.6);}
The miner spent all night to test the incident. He explains that the remote server with which the Antminians connect, the DNS address Auth.miner link.com has. This address is currently inactive-if you ping it, there is no answer-but it is possible to forward the DNS address to another IP address locally by changing a file on your system. The Antbleed website provides a server with which you can connect your miner to find out whether the machine can be switched off from a distance.
The Canadian miner with which I talked about did not want to forward data to an Anyome website, which is why he “loaded the Antbleed Python Script onto a virtual machine and tested it for the whole farm”. The result was that 12 percent of his miners stopped mines. These are most, but not all machines that have been manufactured after Bitmain wrote the Antableed Code in the firmware. The miner could not explain why not all of the devices in question stopped with the mining.
a:hover img{box-shadow:0 0 20px 5px rgba(255,0,0,0.6);}
Asked if he thinks that this was a “killswitch” for Antminer, he replied: “I don’t think. It is actually just a feature that the miner can call at home and get an answer from the server. And the address on which he calls is inscribed in the code.“In order to chop this function, you have to manipulate the dissolution of the DNS address into an IP address, which is not trivial, but could be possible through governments, dyndns providers or anti-dos service providers such as Cloudflare.
At the same time, the miner agreed that Bitmain can “shut down all the machines that have the feature. And yes, you can also target specific customers, for example by storing the ID of the machine before you deliver it.“On the other hand,“ it is trivial to bypass the feature: you just have to insert one line into the file /etc /hosts.“The Antableed website explains how to switch off the function. This is probably the patch of which Jihan Wu says that he makes it worthless.
a:hover img{box-shadow:0 0 20px 5px rgba(255,0,0,0.6);}
Remote Control and Copyright
The Canadian miner agrees that Antableed was not installed as a bug or backdoor, but as a feature: “Some time ago,” he speculated, “I heard from Minerlink. That was a Bitmain project with which the miner can be controlled and observed from a distance, via a website.“The code, which was now unveiled,“ would call from the miner at the headquarters and forward data, such as the IP, the Mac address, the ID of the hashboard and so on.”
Since Bitmain apparently stopped working on the Minerlink project, the website is currently not responding to pings. This means that the function has probably never been activated. However, Jihan Wu denied the question of whether the code is part of Minerlink. On the contrary: “When the feature is finished, the users will be able to put on and configure their own Auth Server instead of going through miner link.”
a:hover img{box-shadow:0 0 20px 5px rgba(255,0,0,0.6);}
“It is either a feature that can be used to switch off the miner over the distance,” the Canadian miner continues, in order to then bring an interesting alternative into conversation, “but it may also be that Bitmain has found a way to prevent the miner from being copied.“Similar to Google supposedly wrote copyright protection for hardware as a backdoor in Android systems, with which Android devices could downhill, Bitmain could use the feature to identify and switch off fake hash boards.
a:hover img{box-shadow:0 0 20px 5px rgba(255,0,0,0.6);}
“Weaponize” code
“I don’t think there is a wish to use the code as a weapon,” says the miner, “Google does not drive all Android smartphones down. If the code had been intended in evil, they at least tried to disguise it.“From the miners’ point of view, the code was only used by Core fans as a weapon to damage Bitmain’s reputation. Since Bitmain decided to mines Bitcoin Unlimited instead of the Segwit developed by Core, the company has been under fire almost continuously. The professional design of the Antbleed website and the massive activity on social media immediately after the unveiling indicate that Antbleed was at least used to make mood against Bitmain. So to speak as a by -product of unveiling.
a:hover img{box-shadow:0 0 20px 5px rgba(255,0,0,0.6);}
However, this does not change the facts. The option to shut down a miner, be it by the owner, Bitmain or a government, should not exist. The fact that she slept unnoticed and unknown in the mining software until it was unveiled does not throw good light on Bitmain. Who knows what else is in the software? At this point you can only hope that the unveiling will help to deactivate the feature as soon as possible on as many miners as possible. The fact that Bitmain has already removed it is a step in the right direction.
a:hover img{box-shadow:0 0 20px 5px rgba(255,0,0,0.6);}
Today, you could have followed from all this, many people learn that mining is less safe than expected – while mining has become safer today.
