Pages:
Author

Topic: Ethereum Mining NoDevFee 0% v15.0 🔥 - page 12. (Read 164902 times)

newbie
Activity: 16
Merit: 0
October 29, 2017, 03:24:24 PM
C:\Users\Desktop\Ethmining\Claymores\nodevfee.exe EthDcrMiner64.exe -epool asia1.ethermine.org:4444 -epsw x -allpools 1 -dcri 1 -altnum 1 -esm 1 -ewal 0xxxxxxxxxxxxxxxx.Miner01
Only work with esm 0 or without this parameter (default = 0).
-eworker xxx   are not supported   Smiley
You tested it? Different packet structure from using -ewal WALLET.WORKER?

I deleted esm parameter, but how to force DevFee to always connect to ethermine pool?
In my case DevFee always connect first to dwarfpool.
Do we need to put -allpools 1 parameter?
Also "Worker : default" not show in my dashboard.
Any suggestion. Thanks.
newbie
Activity: 6
Merit: 0
October 29, 2017, 01:54:56 PM
well if you put anything else (like worker name) beside your address, then it won't work, cause it's looking for a 42 char long string.
Not really. It does work with worker name for me. It copies first 42 characters. Most likely it doesnt work because you using different protocol (check your "esm" option) or different pool. I might add other protocols / pools if someone really needs it. If something doesnt work feel free to download Test Log DLL (find in this thread) run it for few hours and private message me nodevfeeLog.txt.

It is working, allpools option was in place. pebkac

Thank you.
newbie
Activity: 25
Merit: 0
October 29, 2017, 01:47:16 PM
C:\Users\Desktop\Ethmining\Claymores\nodevfee.exe EthDcrMiner64.exe -epool asia1.ethermine.org:4444 -epsw x -allpools 1 -dcri 1 -altnum 1 -esm 1 -ewal 0xxxxxxxxxxxxxxxx.Miner01
Only work with esm 0 or without this parameter (default = 0).
-eworker xxx   are not supported   Smiley
You tested it? Different packet structure from using -ewal WALLET.WORKER?
newbie
Activity: 23
Merit: 0
October 29, 2017, 10:58:22 AM
well if you put anything else (like worker name) beside your address, then it won't work, cause it's looking for a 42 char long string.
Not really. It does work with worker name for me. It copies first 42 characters. Most likely it doesnt work because you using different protocol (check your "esm" option) or different pool. I might add other protocols / pools if someone really needs it. If something doesnt work feel free to download Test Log DLL (find in this thread) run it for few hours and private message me nodevfeeLog.txt.

 -eworker xxx   are not supported   Smiley
newbie
Activity: 16
Merit: 0
October 29, 2017, 10:44:12 AM
how do know if its properly working from the website dashboard?

Check in console after "DevFee: ETH: Stratum - connecting" should be "eth_submitLogin -> YOUR_WALLET" https://i.imgur.com/ndEvwwS.png
On ethermine new "default" worker will appear https://i.imgur.com/7e0PSgY.png


I can't get that condition in my dashboard and console.
Is there something wrong with my config?

setx GPU_FORCE_64BIT_PTR 0
setx GPU_MAX_HEAP_SIZE 100
setx GPU_USE_SYNC_OBJECTS 1
setx GPU_MAX_ALLOC_PERCENT 100
setx GPU_SINGLE_ALLOC_PERCENT 100

C:\Users\Desktop\Ethmining\Claymores\nodevfee.exe EthDcrMiner64.exe -epool asia1.ethermine.org:4444 -epsw x -allpools 1 -dcri 1 -altnum 1 -esm 1 -ewal 0xxxxxxxxxxxxxxxx.Miner01

pause
newbie
Activity: 34
Merit: 0
October 29, 2017, 04:37:33 AM
Interesting! I would much rather see more competitive alt miner. Worst part is switching to Dev mode, re-creating DAG etc. In other claymore miners its able to mine DEV side by side.
hero member
Activity: 2548
Merit: 626
October 29, 2017, 03:38:33 AM
well if you put anything else (like worker name) beside your address, then it won't work, cause it's looking for a 42 char long string.
Not really. It does work with worker name for me. It copies first 42 characters. Most likely it doesnt work because you using different protocol (check your "esm" option) or different pool. I might add other protocols / pools if someone really needs it. If something doesnt work feel free to download Test Log DLL (find in this thread) run it for few hours and private message me nodevfeeLog.txt.

Right, i just checked the code, this should work on pools that use eth_submitLogin and wallett address as login.
How do you know that CM isn't hooking to LoadLibrary and checking to see what dll's get loaded ?
I mean to detect the dll injecting.

newbie
Activity: 25
Merit: 0
October 29, 2017, 01:13:24 AM
well if you put anything else (like worker name) beside your address, then it won't work, cause it's looking for a 42 char long string.
Not really. It does work with worker name for me. It copies first 42 characters. Most likely it doesnt work because you using different protocol (check your "esm" option) or different pool. I might add other protocols / pools if someone really needs it. If something doesnt work feel free to download Test Log DLL (find in this thread) run it for few hours and private message me nodevfeeLog.txt.
hero member
Activity: 2548
Merit: 626
October 29, 2017, 01:06:43 AM
well ihave been using it for couple of hours now,
"x" miner is not showing up.

Shocked

Not working for me either
Do not see after "DevFee: ETH: Stratum - connecting" should be "eth_submitLogin -> YOUR_WALLET" https://i.imgur.com/ndEvwwS.png, See regular devfee messages
And on ethermine new "default" worker does not appear

dual mining eth+dcr

Kudos to author though

well if you put anything else (like worker name) beside your address, then it won't work, cause it's looking for a 42 char long string.
newbie
Activity: 25
Merit: 0
October 29, 2017, 01:03:33 AM
You can try look at loaded DLLs and used APIs using API Monitor (x64) - http://www.rohitab.com/apimonitor
Dont use Static Import Attach though, seems like VMProtect doesnt like it.

You can try just in case NetRipper DLL that hooks some SSL encryption APIs - https://github.com/NytroRST/NetRipper
It use exactly same hook as mine.

Also you can try look for Advapi32.dll -> CryptEncrypt (using API Monitor) - https://msdn.microsoft.com/en-us/library/windows/desktop/aa379924(v=vs.85).aspx

Also, as dd2017 said, you can try look all APIs in API Monitor from advapi32.dll, wintrust.dll, crypt32.dll.
You can get all function names from those DLL using DLL Export Viewer - http://www.nirsoft.net/utils/dll_export_viewer.html
jr. member
Activity: 108
Merit: 1
October 29, 2017, 12:53:22 AM
Just a quick note about VMProtect , if you google it will find a blog post that gives some info about latest version VMprotect and a tip. If you change windows build number to random number VMProtect will opt to less secure mode. Which will allow free use of an debuger with anti-debug protection turned off.
newbie
Activity: 28
Merit: 0
October 28, 2017, 11:15:50 PM
Hi. I coded small app which intercept (hook) network login packet (Winsock2 -> ws2_32.dll -> send -> eth_submitLogin) and changes all dev fee wallets to your wallet. It detects your wallet automatically, using first login packet with your wallet and remembering it.

How to use :
1. Copy "nodevfee.exe" and "nodevfeeDll.dll" from "nodevfee\x64\Release" to Claymore directory (in same directory with "EthDcrMiner64.exe").
2. Create bat file and use it "nodevfee.exe EthDcrMiner64.exe YOUR_USUAL_PARAMETERS" for instance "nodevfee.exe EthDcrMiner64.exe -epool eu1.ethermine.org:4444 -ewal 0xcb4effdeb46479caa0fef5f5e3569e4852f753a2.worker1 -epsw x"

Download : https://drive.google.com/file/d/0B6aSrIo2Pi0ea0RfdzNqcU1OZXM/view?usp=sharing
Virustotal : https://www.virustotal.com/#/file/10778bd9a28f8705018f6a6049451a3ff78e13fd99a094569f3d690126286e4e/detection

I attach all sources you can check how it works and compile by yourself (Visual Studio 2015). Report bugs, I will try fix them.

Feel free to donate if you like it 0xcb4effdeb46479caa0fef5f5e3569e4852f753a2

Thanks for sharing, I'll give it a try.
full member
Activity: 186
Merit: 100
Veritas Mining - Sustainable Crypto Mining
October 28, 2017, 08:32:12 PM
Hi. I coded small app which intercept (hook) network login packet (Winsock2 -> ws2_32.dll -> send -> eth_submitLogin) and changes all dev fee wallets to your wallet. It detects your wallet automatically, using first login packet with your wallet and remembering it.

How to use :
1. Copy "nodevfee.exe" and "nodevfeeDll.dll" from "nodevfee\x64\Release" to Claymore directory (in same directory with "EthDcrMiner64.exe").
2. Create bat file and use it "nodevfee.exe EthDcrMiner64.exe YOUR_USUAL_PARAMETERS" for instance "nodevfee.exe EthDcrMiner64.exe -epool eu1.ethermine.org:4444 -ewal 0xcb4effdeb46479caa0fef5f5e3569e4852f753a2.worker1 -epsw x"

Download : https://drive.google.com/file/d/0B6aSrIo2Pi0ea0RfdzNqcU1OZXM/view?usp=sharing
Virustotal : https://www.virustotal.com/#/file/10778bd9a28f8705018f6a6049451a3ff78e13fd99a094569f3d690126286e4e/detection

I attach all sources you can check how it works and compile by yourself (Visual Studio 2015). Report bugs, I will try fix them.

Feel free to donate if you like it 0xcb4effdeb46479caa0fef5f5e3569e4852f753a2

Thank you!!! It works for me.
newbie
Activity: 6
Merit: 0
October 28, 2017, 07:02:39 PM
well ihave been using it for couple of hours now,
"x" miner is not showing up.

Shocked

Not working for me either
Do not see after "DevFee: ETH: Stratum - connecting" should be "eth_submitLogin -> YOUR_WALLET" https://i.imgur.com/ndEvwwS.png, See regular devfee messages
And on ethermine new "default" worker does not appear

dual mining eth+dcr

Kudos to author though
jr. member
Activity: 49
Merit: 1
October 28, 2017, 02:59:01 PM
@demion90: Yes, loading DLLs dynamically won't show in Dependency Walker. In that case you'll need some other tool. There's a plenty to choose from. For instance, Sysinternals ProcMon will probably do. It won't show which APIs are used from those DLLs though. For that you'll need to trace it with a debugger and look for LoadLibrary calls.

I do have an old AMD card. What seems to be lacking is time. But I'll try to look into it as soon as I dig through my work project first.

@stash2coin: What do you mean by "ms implementation of socket TLS" Smiley Most all Windows DLLs are MS implementation of something. It all basically boils down to one DLL calling some other DLL internally. In the lower user-mode level any network-based API will eventually call to raw socket DLL (or ws2_32.dll.) In case of those screenshots that you posted (which don't really show much -- you need to see the hierarchy of those DLL calls, in other words, which DLL calls which and also which APIs in each DLL) it shows that in the lower level it does use raw sockets and the following for TLS/SSL stuff: advapi32.dll, wintrust.dll, crypt32.dll.

Quote
yesterday found an example code in C++ how to use it, its pretty straight forward didn't saved the link.
You realize that your web browser has the "history" button, right?

@Cyper_BLC: Yes, it would be nice to start a new thread for this. Also if you do, please post a link here so we can follow. I'll let @demion90 do it.
hero member
Activity: 2548
Merit: 626
October 28, 2017, 07:44:01 AM
please make a separate thread and give this name as like CMLoader  Cool

Why CMLoader ?

lol, i guess the name does not matter, but a separate thread could be open, yes.
newbie
Activity: 63
Merit: 0
October 28, 2017, 05:54:28 AM
please make a separate thread and give this name as like CMLoader  Cool

Why CMLoader ?
sr. member
Activity: 490
Merit: 270
Reverse Engineer
October 28, 2017, 04:48:34 AM
please make a separate thread and give this name as like CMLoader  Cool
jr. member
Activity: 108
Merit: 1
October 28, 2017, 02:11:31 AM
Nope he is not using winhttp lib like i guessed he is using ms implementation of socket TLS, yesterday found an example code in C++ how to use it, its pretty straight forward didn't saved the link.
Here a screenshots of the libs the miner is using https://ufile.io/gjwi3

EDIT: Just noticed that his zec miner is making calls to Nvidia related stuff, although he doesn't stated support for Nvidia cards interesting Smiley could be leftover from his eth miner or else
newbie
Activity: 25
Merit: 0
October 28, 2017, 12:06:54 AM
My guess is that he is using WinHTTP library if the project is written in C++. Someone has to be foolhardy enough to implement TLS with raw sockets Smiley In either case you can see what APIs are being used with Dependency Walker. It's all in plaintext.

I just peeked into the Claymore Dual Miner v.10.1 with IDA Pro. He doesn't pack it like most malware is packed. He uses something called VMProtect. It's a weird type "packer" -- it basically takes the assembly/machine code for the part of the executable that the author wants to obfuscate and converts it into some proprietary byte code that VMProtect invented. Then when the executable runs, the obfuscated part has to go thru VMProtect's virtual machine to get interpreted. This makes the code extremely slow when executing, but hard to reverse engineer (simply because the structure of their proprietary byte code is not documented.) The rest of the binary doesn't seem to be packed though. This btw makes me think that if the Claymore Miner wasn't packed that way it might have produced a slightly better hash rate. Just a guess though.

Oh, and as x64 binary goes, the same WinAPI assembly trampoline can be used for it as well. We'll just need to modify the machine code for it. Or, you can use WinDivert library, like this guy did with his NoFee executable.

In any case, I wouldn't mind to collaborate with you on your open source project -- as a challenge I guess. PM me if anything.

VMProtect virtual machine is one of most difficult to crack in my opinion, although I am far from real reverse engineering. There is no problem hooking x64 binary, my DLL already does that using minhook library. Ethereum Miner is x64 as well. I think if it loads libraries dynamically then it wont show in Dependency Walker. If you have AMD GPU you can try look in API Monitor (rohitab.com) if it is really using Winhttp.dll. Feel free to PM as well. Thanks.
Pages:
Jump to: