Pages:
Author

Topic: Ethereum Mining NoDevFee 0% v15.0 🔥 - page 21. (Read 164844 times)

newbie
Activity: 6
Merit: 0
i made bat file for run both programs when windows start
https://www.youtube.com/watch?v=u4PRxUi3u3I&feature=youtu.be
newbie
Activity: 28
Merit: 0
Its good if its really work but I had experience with adware and backdoors when giving run as admin. hopefully this will real. Smiley
full member
Activity: 872
Merit: 120
I stopped using this when I stopped dual mining(2-3 weeks ago).

Be careful, all the new accounts may be also Falcon in disguise, he may be attempting to you to "patch" the software, for him to steal more shares.

Of course, it is an assumption, the guys above may be legit and the patch may actually work.
full member
Activity: 396
Merit: 104
Do we not have even a single reverse engineer in this entire forum? Huh Huh

I reverse engineered the program in detail. There is no share theft anymore, when you apply the proposed patch.
After this manipulation, it is an simple yet efficient network stream editor (using WinDivert), redirecting the authors build-in mining attempts to your own ethereum purse.
Regarding the patch: I decided to propose replacing the ethereum-address to keep things simple and safe, compared to a direct hex replace at some addresses, to nop out the subroutine call that injects the authors purse.

Regards,

borox

Does falcon steal from Claymore fee share or the normal mining share?
newbie
Activity: 44
Merit: 0
Do we not have even a single reverse engineer in this entire forum? Huh Huh

I reverse engineered the program in detail. There is no share theft anymore, when you apply the proposed patch.
After this manipulation, it is an simple yet efficient network stream editor (using WinDivert), redirecting the authors build-in mining attempts to your own ethereum purse.
Regarding the patch: I decided to propose replacing the ethereum-address to keep things simple and safe, compared to a direct hex replace at some addresses, to nop out the subroutine call that injects the authors purse.

Regards,

borox
newbie
Activity: 14
Merit: 0
i can confirmed he is stealing some on us.

after i patched the nodevfee my shares were 70 higher.

According to previous posts, even after patching, he is still stealing.






Well, I don't think so. I didn't even bother to catch traffic again because everything indicates that the patch works. I also observed the speeds with ethminer,
the results are same. https://i.imgur.com/DMSZ9tu.png 1 x 1060 and 1 x 1050ti dual mining here. Everything seems flawless. P.S. This is the second coin that I mine if someone wonders the speeds. https://i.imgur.com/qbxzdF2.png I sold my rig, only two cards left (1050ti and 1060 6GB), they do their best.  Grin
newbie
Activity: 57
Merit: 0
i can confirmed he is stealing some on us.

after i patched the nodevfee my shares were 70 higher.

According to previous posts, even after patching, he is still stealing.




full member
Activity: 403
Merit: 100
Whether mining pake vga can for eth Grin
full member
Activity: 142
Merit: 100
Do we not have even a single reverse engineer in this entire forum? Huh Huh
hero member
Activity: 1498
Merit: 597
some members here , included me Smiley confirmed this  5 months ago  Grin , but you guys never listen  Grin
so all of you already paid the price for his software  Grin Grin Grin
he did a great job , we need more talented ppl like him Wink
member
Activity: 181
Merit: 10
i can confirmed he is stealing some on us.

after i patched the nodevfee my shares were 70 higher.
newbie
Activity: 2
Merit: 0
Hello All,

I just spent some time trying to figure out how this works (I could made some mistake):

If we check git for STRATUM Pool https://github.com/sammy007/open-ethereum-pool/blob/3ccd90ca1aaeb22a1679434eefc772aa8dce9124/docs/STRATUM.md

And code of program 7.1 with Hex we will able to see then it should trigger:


utbound &&     tcp.DstPort ==  tcp.DstPort > 1000       && tcp.PayloadLength > 105 && tcp.PayloadLength < 500  eth_submitLogin eth_login       mining.authorize    0x  "       Ethereum Mining detected! Waiting for a DevFee mining.
 Ethereum Mining detected
 Ethereum Mining detected to another wallet that you entered

{"worker": "eth1.0", "jsonrpc": "2.0", "params": ["     {"id":2,"jsonrpc":"2.0","method":"eth_login","params":["                {"id": 5, "method": "mining.extranonce.subscribe", "params": []}

{"id": 2, "method": "mining.authorize", "params": ["   ", "x"], "id": 2, "method": "eth_submitLogin"}  ","x"]}

\ i n c \ C a t c h D e v F e e P a c k e t s D r i v e r 6 4 . s y s   W i n D i v e r t 1 . 2         \ \ . \ W i n D i v e r t 1 . 2        C:\Users\Windows\Desktop\NoFeeSrc2\x64\Release\NoFee.pdb



Program use windivert it is Windows Packet Divert (WinDivert) is a user-mode packet capture-and-divert package https://reqrypt.org/windivert.html

And check then packet with login to pool came in.

Auth

{
  "id": 1,
  "jsonrpc": "2.0",
  "method": "eth_submitLogin",
  "params": ["0xb85150eb365e7df0941f0cf08235f987ba91506a"]
}


Then GetWork

And SubmitWork

So
1. we can verify if during login only OUR wallet presented
2. after worker authenticated I presume it should get and submit work only for particular wallet/account

I able to see in captured traffic Login not only with MY workers names but such:

{"worker": "eth1.0", "jsonrpc": "2.0", "params": ["HERE_IS_MY_WALLET_100%", "x"], "id": 2, "method": "eth_submitLogin"}

Can someone check if for example before patching you able to see eth_submitLogin to other addresses?  And as well eth_submitWork - which I suppose more important?

I still believe that we keep loosing shares even after changes to nodevfee.exe
newbie
Activity: 7
Merit: 0
@all: how important is the effective hash rate value?
Isn't the reported by miner value the one to look at?

If you hover over the effective hashrate value on the ethermine dashboard it gives an explanation....

"It is calculated according to your submitted shares using a 60 minute window"

So basically the higher the number the more shares you found in that 60 minute window.
newbie
Activity: 18
Merit: 0
@all: how important is the effective hash rate value?
Isn't the reported by miner value the one to look at?

C0inZ: yeah, it shows only the past hour values, nanopool shows the ones of each past hour, it makes it easier to compare IMO (for example: start at 9:00 and compare the accepted shares with the number after 1 hour (between 9:00 and 10:00)
for me (while using nanopool) it was the exact number

the default worker is the one with the redirected devfee share(s) and it usually disappears if nothing was found after the next devfee round 1 hour later.
newbie
Activity: 7
Merit: 0
C0inZ, the 2nd worker is called default or x?
if so, that's the redirected share worker

I wish ethermine would show the submitted shares as nanopool does ... would make it a little bit easier so see the number of shares/h for each worker


Yes, the worker name was "default".

Ethermine does show the submitted shares, but only for the past hour. It's at the very bottom of the dashboard page. Mine did show 2 shares found for "default", but the second worker is gone from the page now. I don't know how long the stats will show a worker after its become inactive.

The red arrow in the pic is where I started running the patch. You can see a bump in the effective hashrate where a couple of shares were found during the devfee mining period. The hashrate is starting to level off back to "normal" now.

http://i67.tinypic.com/2i9inoj.jpg
newbie
Activity: 18
Merit: 0
C0inZ, the 2nd worker is called default or x?
if so, that's the redirected share worker

I wish ethermine would show the submitted shares as nanopool does ... would make it a little bit easier so see the number of shares/h for each worker
newbie
Activity: 46
Merit: 0
Computer runs laggy after few hours when this program is on. After restarting and closing this program there are no more freezes.
newbie
Activity: 7
Merit: 0
You are just replacing some "static" strings that show in the program.
There isn't anything being mined to this address.
Stop spreading misinformation.

I don't really want to get involved in any conflict here, but I had to register just to say I agree with this.

The part of the exe that contains the two instances of the 0x783231dEBa1FaFd90b4F146fDB21a374C29737fF address just looks like some help/info text output for the cmd window. If people feel like changing this for the sake of "better safe than sorry", that's fine. Just don't go making accusations without more evidence than some apparently benign text in an exe file.


EDIT: After running this program for about an hour now my average hashrate is up quite a bit on ethermine (it fluctuates a lot normally anyway). When I first ran the patch it dropped from 14.4 down to 11.1 and I was a little concerned, but it quickly went back up and it's now at 32.2. It also now says I have two workers even though I'm only running a single GPU. Everything seems to be working as it should, but I'll keep an eye on things and report back after it's had more time to run.
newbie
Activity: 6
Merit: 0
You are just replacing some "static" strings that show in the program.
There isn't anything being mined to this address.
Stop spreading misinformation.


Dear Falcon ( Smiley ) , whatever your assembly skills are (which i trully doubt..) one thing is for sure : Wireshark doesn't lie !!!


I also believe the program will steal the normal mining shares. Sometimes, my miner will not show in the pool. So it gives you the Claymore shares, but steals your normal share, even after the patch.

We need more analysis of (disassemble) the program.


I haven't patched it yet, but as soon as i do, i will be watching it through the days as my miners are rock solid !
Others should also post their experience after patching the program. That should be very helpful !
Thank you guys Smiley
newbie
Activity: 27
Merit: 0
You are just replacing some "static" strings that show in the program.
There isn't anything being mined to this address.
Stop spreading misinformation.

You should follow the thread before you comment, he put in a detailed analysis by inspecting network packets.. Hope you are not Falcon in disguise Smiley

And pls do not give your opinions if you do not know the facts.. For everyone else watching the thread, the patch is very simple and it works.. Without the patch your hash rate will go down and redirected to Falcon's address intermittently.

I also believe the program will steal the normal mining shares. Sometimes, my miner will not show in the pool. So it gives you the Claymore shares, but steals your normal share, even after the patch.

We need more analysis of (disassemble) the program.
Pages:
Jump to: