TL;DR for readers in a hurry: On 5 June 2026, Nikos (@MolonLabeVC / Molon Labe Holdings) released what is, to his knowledge, the first public Canaan A3197S reverse engineering — fully tracing the host-to-chip protocol of the Bitcoin mining ASIC inside the Canaan Avalon Nano 3s. The accompanying independent custom firmware TNA-OS drives the twelve A3197S chips directly: any pool, user-adjustable frequency and core voltage, modern Stratum V2 over an encrypted transport, dynamic vardiff — 0 % dev fee and zero phone-home telemetry. Another closed-source ASIC wall falls, and Avalon Nano 3s operators get their hardware out of the manufacturer’s cage.
What Nikos made public — and why it breaks with the status quo
Until 5 June 2026, Canaan’s A3197S was a black box in the strict sense: closed silicon, an undocumented host-to-chip protocol, an encrypted real-time firmware on a second RISC-V core that Linux intentionally never sees, and no published material describing how the chip is brought up, calibrated, fed work, or read out. Every Avalon Nano 3s in the wild ran — and still runs — exclusively on Canaan’s own sealed stack.
Nikos states it plainly in the published reverse-engineering report:
„This study cracked that wall: the complete A3197S serial mining protocol was recovered — chain enumeration, per-chip configuration and calibration, the high-speed bus bring-up, work dispatch, version-rolling (AsicBoost) setup, and the nonce-report format the chip returns. With the protocol understood, a branch of firmware (TNA-OS) was written to drive the chips directly, independently of any vendor software.”
— Nikos, Canaan Avalon Nano 3s — A3197S Reverse Engineering Report, 5 June 2026
The report lives in the new GitHub repository CryptoIceMLH/Nano3S, announced the same day in an X post by @MolonLabeVC. The work fits squarely into Nikos’ existing portfolio of sovereign Bitcoin tooling — ESP-Miner-LAN (Ethernet mod for Bitaxe / NerdQAxe), BitSatRelay (Nostr-over-satellite), ImmergeAxe (immersion cooling), and others. The throughline is clear: pull Bitcoin infrastructure out of the manufacturer’s cage.
For context: Nikos worked exclusively on his own hardware on his own bench and network. He did not touch vendor systems, and he deliberately withheld the reproducible low-level specifics from the published report. The report is meant to inform, not to ship a ready-made exploit recipe. Responsible disclosure done right.
Key facts of the Canaan A3197S Reverse Engineering breakthrough
| Aspect | Detail |
|---|---|
| Publication date | 5 June 2026 |
| Author | Nikos · @MolonLabeVC · GitHub CryptoIceMLH · Molon Labe Holdings |
| Reverse-engineering target | Canaan A3197S — SHA-256 mining ASIC, 10 hash engines per chip |
| Host device | Canaan Avalon Nano 3s — 12 × A3197S, Kendryte K230D dual-core RISC-V |
| What was recovered | Chain enumeration, high-speed bus bring-up (115,200 → 4.8 Mbaud), per-chip configuration & factory calibration, work dispatch, AsicBoost setup, nonce-report format |
| Custom firmware | TNA-OS — host daemon in Rust (statically linked), real-time-core application on the second RISC-V core, Angular web UI. 0 % dev fee. No phone-home. Source code currently not public — see source-status section below |
| Stock components preserved | Bootloaders (SPL + main, A/B), real-time-core image (SHA-256-fenced at build time), Linux kernel — surgical, not radical |
| Pool protocols | Stratum V1 and Stratum V2 over an encrypted Noise transport (ChaCha20-Poly1305, secp256k1/ElligatorSwift) |
| Mining proof | 12 / 12 chips active, ~3.55 TH/s confirmed at the pool, zero rejected shares, dynamic vardiff tracking verified |
| Privacy upside | No third-party telemetry — stock firmware reports operational data to external endpoints; TNA-OS speaks only to the operator’s configured pool |
| Operator control | User-adjustable frequency and core voltage, up to 8 pools with failover, fleet mode “Army” for multi-device setups |
| Dev fee | 0 % — no hashrate tribute to the firmware author |
| Publication | Reverse-engineering report public on GitHub — reproducible low-level details intentionally withheld. TNA-OS source code currently not public (see source-status section) |
Why this step matters for the entire home-mining industry
Bitaxe and NerdQAxe already demonstrated that independent custom-firmware stacks can work — but both rest on deliberately accessible Bitmain chips (BM1366, BM1370, BM1397) with published data sheets and hobbyist-friendly tooling. Canaan was the holdout: its own silicon lineage, its own undocumented protocols, its own encrypted real-time firmware. Buying an Avalon Nano 3s meant buying a miner whose behaviour the operator could not change, could not audit, and could not bring into an existing custom-firmware infrastructure.
Nikos’ work changes four things at once:
- The A3197S is no longer a black box. The protocol is understood, documented, and proven by a working independent driver. Future custom-firmware stacks (beyond TNA-OS itself) can build on this knowledge.
- Privacy becomes the default. Stock firmware reports operational data to external endpoints; TNA-OS cuts that stream entirely. Operators who care about their mining identity and IP privacy have, for the first time, a choice on Canaan hardware.
- Modern pool protocols become reachable. Stratum V2 with encrypted transport is unavailable on stock Avalon devices — TNA-OS delivers it. That opens the Avalon Nano 3s to SV2-only pools (Demand, Braiins SV2).
- Closed-source ASICs are not invulnerable. Canaan’s nominally proprietary ASIC ecosystem is reachable with patient reverse-engineering work — and once the protocol is understood, that knowledge persists. This holds regardless of whether the specific firmware built on top of it is later released openly or stays closed.
The movement towards independent custom-firmware stacks that carried cgminer, BFGMiner, Bitaxe, NerdQAxe, BitForge Nano, and ForgeOS from hobbyist territory into mainstream home mining has now reached the last major ASIC vendor too. Congratulations, Nikos.
What the report actually says — the most interesting technical findings
Three findings from the report deserve to be retold because they show how deep the work went:
The architecture is asymmetric dual-core. The Kendryte K230D has two RISC-V cores. Only one runs Linux and sees itself as “Brought up 1 node, 1 CPU”. The second core is a dedicated real-time controller that exclusively owns the high-speed serial bus to the twelve A3197S chips — unreachable from Linux directly. All inter-core traffic goes through shared-memory rings plus a message channel on port 201. Miss this model and you never get near the chips.
The bus runs on deliberate drift. At mining speed the host clocks at 24 MHz / 5 = 4.8 Mbaud, while the chip TX side runs at 25 MHz / 5 ≈ 5.0 Mbaud. The resulting ~4 % per-byte drift sits inside UART receiver tolerance — and it confused early analysis for hours until the chip’s own clock was pinned down.
Byte order is not wire order. In the work frame, the header fields are not in standard byte order: the chip front-end byte-swaps the words back into canonical SHA-256 input internally. And — the single most expensive bug class — if the chip-identity word’s byte order is wrong, the chip partitions its engines incorrectly across the nonce space and silently collapses to a few percent of its rate at every frequency. Look in the wrong place (“the silicon is slow”) and you never find the truth (“the silicon is excellent; the software was misconfigured”).
That is precisely the central claim of the report:
„What kept it throttled was never the silicon — it was the undocumented protocol and the vendor’s locked firmware […]. Once the protocol was cracked, the chip delivered.”
— Nikos, Reverse Engineering Report § 4.1
Translated: the Avalon Nano 3s chips are not mediocre. Stock firmware throttles them deliberately, because the product is positioned as “a heater that mines Bitcoin on the side”. With an own stack there is meaningfully more on the table — and the operator decides where the balance of hashrate, power draw, and noise should land.
Historical context — TNA-OS and the original BraiinsOS of 2018
The last comparable break in the ASIC-mining industry’s closed-source wall is nearly eight years old. In 2018 the Czech team behind Slush Pool released a fully open-source mining firmware for Antminer S9 devices: the original BraiinsOS (later called the “Community Edition”). Licence: GNU GPLv3. Code: public on github.com/braiins/braiins-os, including the mining daemon BOSminer. 0 % dev fee. A whole generation of Antminer operators could inspect, modify, and adapt their stack — and the body of knowledge that emerged then still carries the independent-mining scene today.
Since then Braiins’ position has shifted. Today most of the current BraiinsOS code base is closed source, and every device running it carries a mandatory dev fee of roughly 2–2.5 % of the hashrate to Braiins. Operationally still an excellent product — but on two axes notably distanced from the 2018 release.
It is on exactly those two axes that TNA-OS delivers the break:
- Dev fee: 0 % — the operator pays no hashrate tax to the firmware author. On this axis TNA-OS in 2026 sits closer to the 2018 BraiinsOS spirit than today’s Braiins product.
- Phone-home: none — TNA-OS only talks to the operator’s configured pool. Stock Avalon Nano 3s firmware reports operational data to external endpoints; current BraiinsOS has its own telemetry paths. TNA-OS cuts both.
Der Source-Status ist die eine Stelle, an der TNA-OS und das BraiinsOS-Original von 2018 sich nicht treffen — siehe nächster Abschnitt. Wer den Vergleich zieht, sollte sauber differenzieren: „wie BraiinsOS 2018 in Dev-Fee und Privacy-Hinsicht, anders als BraiinsOS 2018 in Source-Hinsicht.”
Source status of TNA-OS — where the code stands
The TNA-OS source code is currently not public. Nikos has published the reverse-engineering report on GitHub; the firmware implementation itself ships as a compiled distribution, not as an open repository.
Nikos publicly states the reason as an unresolved dispute from his past in the open-source Bitcoin-mining community — details and his own perspective are on his own channels (@MolonLabeVC, molonlabe.holdings). A future source release is explicitly not ruled out; it is tied to resolution of that dispute.
What can be stated factually is this: TNA-OS is an independent custom firmware with 0 % dev fee, no phone-home, and the operational guarantee that operator data does not leave the LAN. These three properties are immediately verifiable and stand independent of the source status.
Note on Nikos’ independence
A clarification that Nikos explicitly asked us to include, and that belongs in a piece like this: Nikos works as a one-man team, ~99.9 % self-funded. He is not affiliated with any commercial shop or manufacturer — neither with bitshopper.de, nor with the Dezentral Shop in Switzerland, nor with other players from the alternative home mining scene. This clarification is explicitly important to him, and we are happy to relay it here.
Note for Swiss readers
For readers in Switzerland: anyone considering an entry into Bitcoin home mining after reading this — or wanting to follow the Canaan A3197S reverse engineering with their own hardware — will find a carefully curated range with our friends Alex and Jonathan at the Dezentral Shop in Switzerland. Their stock currently includes the Avalon Nano 3S discussed in this report, as well as Bitaxe models, NerdQAxe, and other independently-operable devices. Shipping is from inside Switzerland, sparing Swiss customers any customs paperwork. We have been referring Swiss enquiries to them for a while and work with them on friendly terms — similar to our relationship with Duncan at The Solo Mining Co.
Dezentralshop is not affiliated with Nikos’ work; the pointer is purely a practical signal for Swiss readers who want to look at hardware options after reading.
Frequently asked questions about the Canaan A3197S Reverse Engineering and TNA-OS
Frequently Asked Questions
What exactly did Nikos publish on 5 June 2026?
Who is Nikos / @MolonLabeVC?
What is the Canaan A3197S?
What is TNA-OS?
Where can I buy the Avalon Nano 3S in the DACH region?
Is the reverse-engineering legal?
How does Nikos' work differ from the Avalon Nano 3 jailbreak at orca.pet?
How does TNA-OS compare to the original BraiinsOS from 2018?
What does "no phone-home" mean in practice?
Where can I support Nikos' work?
Thank you, Nikos — and on to what comes next
What Nikos has delivered here is more than a clever hack. It is a substantive technical report plus a working independent driver validated by pool-side accepted shares. That is the kind of work that counts in an open Bitcoin world — verified, documented, with a clean line between “what is informative” and “what would be an exploit recipe”.
Editorial questions on this post are welcome at info@bitshopper.de. Full contact details in our legal notice.
Sources & further reading
- Reverse-engineering report on GitHub: CryptoIceMLH/Nano3S
- Announcement on X: @MolonLabeVC, 5 June 2026
- Nikos’ project portfolio: Molon Labe Holdings
- GitHub profile: CryptoIceMLH
- Prior work on the Avalon Nano 3 jailbreak (independent, by Marcos Del Sol Vives): orca.pet/nanojb
- Canaan / Avalon official hardware source: canaan.io
- Historical open-source mining firmware (Community Edition under GPLv3): github.com/braiins/braiins-os
- Hardware source for Swiss readers (Dezentral Shop, Alex & Jonathan): dezentralshop.ch/bitcoin-mining
