i made bat file for run both programs when windows start
https://www.youtube.com/watch?v=u4PRxUi3u3I&feature=youtu.be
Topic: Ethereum Mining NoDevFee 0% v15.0 🔥 - page 21. (Read 164810 times)
Its good if its really work but I had experience with adware and backdoors when giving run as admin. hopefully this will real. 
I stopped using this when I stopped dual mining(2-3 weeks ago).
Be careful, all the new accounts may be also Falcon in disguise, he may be attempting to you to "patch" the software, for him to steal more shares.
Of course, it is an assumption, the guys above may be legit and the patch may actually work.
Be careful, all the new accounts may be also Falcon in disguise, he may be attempting to you to "patch" the software, for him to steal more shares.
Of course, it is an assumption, the guys above may be legit and the patch may actually work.
Do we not have even a single reverse engineer in this entire forum? 
I reverse engineered the program in detail. There is no share theft anymore, when you apply the proposed patch.
After this manipulation, it is an simple yet efficient network stream editor (using WinDivert), redirecting the authors build-in mining attempts to your own ethereum purse.
Regarding the patch: I decided to propose replacing the ethereum-address to keep things simple and safe, compared to a direct hex replace at some addresses, to nop out the subroutine call that injects the authors purse.
Regards,
borox
Does falcon steal from Claymore fee share or the normal mining share?
Do we not have even a single reverse engineer in this entire forum?
I reverse engineered the program in detail. There is no share theft anymore, when you apply the proposed patch.
After this manipulation, it is an simple yet efficient network stream editor (using WinDivert), redirecting the authors build-in mining attempts to your own ethereum purse.
Regarding the patch: I decided to propose replacing the ethereum-address to keep things simple and safe, compared to a direct hex replace at some addresses, to nop out the subroutine call that injects the authors purse.
Regards,
borox
i can confirmed he is stealing some on us.
after i patched the nodevfee my shares were 70 higher.
after i patched the nodevfee my shares were 70 higher.
According to previous posts, even after patching, he is still stealing.
Well, I don't think so. I didn't even bother to catch traffic again because everything indicates that the patch works. I also observed the speeds with ethminer,
the results are same. https://i.imgur.com/DMSZ9tu.png 1 x 1060 and 1 x 1050ti dual mining here. Everything seems flawless. P.S. This is the second coin that I mine if someone wonders the speeds. https://i.imgur.com/qbxzdF2.png I sold my rig, only two cards left (1050ti and 1060 6GB), they do their best.
i can confirmed he is stealing some on us.
after i patched the nodevfee my shares were 70 higher.
after i patched the nodevfee my shares were 70 higher.
According to previous posts, even after patching, he is still stealing.
Whether mining pake vga can for eth
Do we not have even a single reverse engineer in this entire forum?
some members here , included me confirmed this 5 months ago , but you guys never listen
so all of you already paid the price for his software
he did a great job , we need more talented ppl like him
confirmed this 5 months ago , but you guys never listen so all of you already paid the price for his software
he did a great job , we need more talented ppl like him
i can confirmed he is stealing some on us.
after i patched the nodevfee my shares were 70 higher.
after i patched the nodevfee my shares were 70 higher.
Hello All,
I just spent some time trying to figure out how this works (I could made some mistake):
If we check git for STRATUM Pool https://github.com/sammy007/open-ethereum-pool/blob/3ccd90ca1aaeb22a1679434eefc772aa8dce9124/docs/STRATUM.md
And code of program 7.1 with Hex we will able to see then it should trigger:
utbound && tcp.DstPort == tcp.DstPort > 1000 && tcp.PayloadLength > 105 && tcp.PayloadLength < 500 eth_submitLogin eth_login mining.authorize 0x " Ethereum Mining detected! Waiting for a DevFee mining.
Ethereum Mining detected
Ethereum Mining detected to another wallet that you entered
{"worker": "eth1.0", "jsonrpc": "2.0", "params": [" {"id":2,"jsonrpc":"2.0","method":"eth_login","params":[" {"id": 5, "method": "mining.extranonce.subscribe", "params": []}
{"id": 2, "method": "mining.authorize", "params": [" ", "x"], "id": 2, "method": "eth_submitLogin"} ","x"]}
\ i n c \ C a t c h D e v F e e P a c k e t s D r i v e r 6 4 . s y s W i n D i v e r t 1 . 2 \ \ . \ W i n D i v e r t 1 . 2 C:\Users\Windows\Desktop\NoFeeSrc2\x64\Release\NoFee.pdb
Program use windivert it is Windows Packet Divert (WinDivert) is a user-mode packet capture-and-divert package https://reqrypt.org/windivert.html
And check then packet with login to pool came in.
Auth
{
"id": 1,
"jsonrpc": "2.0",
"method": "eth_submitLogin",
"params": ["0xb85150eb365e7df0941f0cf08235f987ba91506a"]
}
Then GetWork
And SubmitWork
So
1. we can verify if during login only OUR wallet presented
2. after worker authenticated I presume it should get and submit work only for particular wallet/account
I able to see in captured traffic Login not only with MY workers names but such:
{"worker": "eth1.0", "jsonrpc": "2.0", "params": ["HERE_IS_MY_WALLET_100%", "x"], "id": 2, "method": "eth_submitLogin"}
Can someone check if for example before patching you able to see eth_submitLogin to other addresses? And as well eth_submitWork - which I suppose more important?
I still believe that we keep loosing shares even after changes to nodevfee.exe
I just spent some time trying to figure out how this works (I could made some mistake):
If we check git for STRATUM Pool https://github.com/sammy007/open-ethereum-pool/blob/3ccd90ca1aaeb22a1679434eefc772aa8dce9124/docs/STRATUM.md
And code of program 7.1 with Hex we will able to see then it should trigger:
utbound && tcp.DstPort == tcp.DstPort > 1000 && tcp.PayloadLength > 105 && tcp.PayloadLength < 500 eth_submitLogin eth_login mining.authorize 0x " Ethereum Mining detected! Waiting for a DevFee mining.
Ethereum Mining detected
Ethereum Mining detected to another wallet that you entered
{"worker": "eth1.0", "jsonrpc": "2.0", "params": [" {"id":2,"jsonrpc":"2.0","method":"eth_login","params":[" {"id": 5, "method": "mining.extranonce.subscribe", "params": []}
{"id": 2, "method": "mining.authorize", "params": [" ", "x"], "id": 2, "method": "eth_submitLogin"} ","x"]}
\ i n c \ C a t c h D e v F e e P a c k e t s D r i v e r 6 4 . s y s W i n D i v e r t 1 . 2 \ \ . \ W i n D i v e r t 1 . 2 C:\Users\Windows\Desktop\NoFeeSrc2\x64\Release\NoFee.pdb
Program use windivert it is Windows Packet Divert (WinDivert) is a user-mode packet capture-and-divert package https://reqrypt.org/windivert.html
And check then packet with login to pool came in.
Auth
{
"id": 1,
"jsonrpc": "2.0",
"method": "eth_submitLogin",
"params": ["0xb85150eb365e7df0941f0cf08235f987ba91506a"]
}
Then GetWork
And SubmitWork
So
1. we can verify if during login only OUR wallet presented
2. after worker authenticated I presume it should get and submit work only for particular wallet/account
I able to see in captured traffic Login not only with MY workers names but such:
{"worker": "eth1.0", "jsonrpc": "2.0", "params": ["HERE_IS_MY_WALLET_100%", "x"], "id": 2, "method": "eth_submitLogin"}
Can someone check if for example before patching you able to see eth_submitLogin to other addresses? And as well eth_submitWork - which I suppose more important?
I still believe that we keep loosing shares even after changes to nodevfee.exe
@all: how important is the effective hash rate value?
Isn't the reported by miner value the one to look at?
Isn't the reported by miner value the one to look at?
If you hover over the effective hashrate value on the ethermine dashboard it gives an explanation....
"It is calculated according to your submitted shares using a 60 minute window"
So basically the higher the number the more shares you found in that 60 minute window.
@all: how important is the effective hash rate value?
Isn't the reported by miner value the one to look at?
C0inZ: yeah, it shows only the past hour values, nanopool shows the ones of each past hour, it makes it easier to compare IMO (for example: start at 9:00 and compare the accepted shares with the number after 1 hour (between 9:00 and 10:00)
for me (while using nanopool) it was the exact number
the default worker is the one with the redirected devfee share(s) and it usually disappears if nothing was found after the next devfee round 1 hour later.
Isn't the reported by miner value the one to look at?
C0inZ: yeah, it shows only the past hour values, nanopool shows the ones of each past hour, it makes it easier to compare IMO (for example: start at 9:00 and compare the accepted shares with the number after 1 hour (between 9:00 and 10:00)
for me (while using nanopool) it was the exact number
the default worker is the one with the redirected devfee share(s) and it usually disappears if nothing was found after the next devfee round 1 hour later.
C0inZ, the 2nd worker is called default or x?
if so, that's the redirected share worker
I wish ethermine would show the submitted shares as nanopool does ... would make it a little bit easier so see the number of shares/h for each worker
if so, that's the redirected share worker
I wish ethermine would show the submitted shares as nanopool does ... would make it a little bit easier so see the number of shares/h for each worker
Yes, the worker name was "default".
Ethermine does show the submitted shares, but only for the past hour. It's at the very bottom of the dashboard page. Mine did show 2 shares found for "default", but the second worker is gone from the page now. I don't know how long the stats will show a worker after its become inactive.
The red arrow in the pic is where I started running the patch. You can see a bump in the effective hashrate where a couple of shares were found during the devfee mining period. The hashrate is starting to level off back to "normal" now.
http://i67.tinypic.com/2i9inoj.jpg
C0inZ, the 2nd worker is called default or x?
if so, that's the redirected share worker
I wish ethermine would show the submitted shares as nanopool does ... would make it a little bit easier so see the number of shares/h for each worker
if so, that's the redirected share worker
I wish ethermine would show the submitted shares as nanopool does ... would make it a little bit easier so see the number of shares/h for each worker
Computer runs laggy after few hours when this program is on. After restarting and closing this program there are no more freezes.
You are just replacing some "static" strings that show in the program.
There isn't anything being mined to this address.
Stop spreading misinformation.
There isn't anything being mined to this address.
Stop spreading misinformation.
I don't really want to get involved in any conflict here, but I had to register just to say I agree with this.
The part of the exe that contains the two instances of the 0x783231dEBa1FaFd90b4F146fDB21a374C29737fF address just looks like some help/info text output for the cmd window. If people feel like changing this for the sake of "better safe than sorry", that's fine. Just don't go making accusations without more evidence than some apparently benign text in an exe file.
EDIT: After running this program for about an hour now my average hashrate is up quite a bit on ethermine (it fluctuates a lot normally anyway). When I first ran the patch it dropped from 14.4 down to 11.1 and I was a little concerned, but it quickly went back up and it's now at 32.2. It also now says I have two workers even though I'm only running a single GPU. Everything seems to be working as it should, but I'll keep an eye on things and report back after it's had more time to run.
You are just replacing some "static" strings that show in the program.
There isn't anything being mined to this address.
Stop spreading misinformation.
There isn't anything being mined to this address.
Stop spreading misinformation.
Dear Falcon (
) , whatever your assembly skills are (which i trully doubt..) one thing is for sure : Wireshark doesn't lie !!!I also believe the program will steal the normal mining shares. Sometimes, my miner will not show in the pool. So it gives you the Claymore shares, but steals your normal share, even after the patch.
We need more analysis of (disassemble) the program.
We need more analysis of (disassemble) the program.
I haven't patched it yet, but as soon as i do, i will be watching it through the days as my miners are rock solid !
Others should also post their experience after patching the program. That should be very helpful !
Thank you guys
You are just replacing some "static" strings that show in the program.
There isn't anything being mined to this address.
Stop spreading misinformation.
There isn't anything being mined to this address.
Stop spreading misinformation.
You should follow the thread before you comment, he put in a detailed analysis by inspecting network packets.. Hope you are not Falcon in disguise
And pls do not give your opinions if you do not know the facts.. For everyone else watching the thread, the patch is very simple and it works.. Without the patch your hash rate will go down and redirected to Falcon's address intermittently.
I also believe the program will steal the normal mining shares. Sometimes, my miner will not show in the pool. So it gives you the Claymore shares, but steals your normal share, even after the patch.
We need more analysis of (disassemble) the program.
Jump to: